In my Scam of the day for September 2, 2014 I told you about the stealing of nude photos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Kim Kardashian and Hope Solo that were posted online. Now it has just been reported that model/actress Charlotte McKinney who recently was a contestant on Dancing With the Stars had topless photos hacked which were then posted on Instagram for a short period of time. This story has two lessons. The first is that everyone, regardless of whether or not you are a celebrity should take the steps necessary to protect the security of their photos and other data. Although we do not yet know precisely how Ms. McKinney’s photos were hacked, it is reasonable to conjecture that they were stolen in the same manner that photos were stolen in last year’s celebrity hacking. According to FBI records, the hacking had less to do with Apple’s iPhone and iCloud security and more to do with the celebrities falling prey to phishing emails and password resetting that enabled the hacker to gain access to the victims’ iCloud accounts and other times stealing the photos directly from the hacked phones.
In addition to stealing the photographs from Ms. McKinney, the hackers also managed to gain access to her Instagram account to temporarily post the photos before they were taken down. Anyone who has access to your email address who is able to either guess or steal your password can gain access to your Instagram account.
Using the “forgot password” link on Apple’s iCloud, it appears in last year’s hacking in many instances, the hacker answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts. In other instances, the photos were stolen directly from the victims’ smartphones which were hacked.
The second lesson is for people who may be curious about seeing the topless photos of Charlotte McKinney to be very wary of emails, text message, websites or links that promise to take you to those photos, which have already been removed from Instagram. Trust me, you can’t trust anyone. Identity thieves will attach malware to links that promise to provide you with the photos. This malware will steal all of the information from your computer or smartphone and put you in danger of identity theft. Don’t fall for this scam.
All of us can be targets of hacking and we need to protect ourselves. You should use a unique password for all of your accounts so if any of your accounts are hacked, the rest of your accounts are not in jeopardy. Make sure the password is a complex password that is not able to be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password. Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also, take advantage of the dual-factor identification protocols offered by Apple and many others when possible although Instagram does not offer this service. With dual-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.