News of stolen nude photos and videos of more than a hundred celebrities, including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rihanna, Avril Lavigne, Hayden Panettiere, Hope Solo, Cat Deeley, Kaley Cuoco, Kim Kardashian, Scarlett Johansson and others, is sweeping across the Internet. Although a few of the named celebrities, such as Victoria Justice, have denied the accuracy of the photographs, many of the celebrities, including Jennifer Lawrence and Kate Upton, have confirmed that, much to their chagrin, the photos and videos are real.
Although the exact manner by which these photographs and videos were hacked and stolen is not known at the moment, it appears that they were taken from Apple’s iCloud. The possibility exists that a vulnerability in Apple’s iCloud security is at the root of the problem, but another scenario is that the fault is with the individuals who took these photographs and videos of themselves. Anyone who is able to get someone’s email address and password would find it easy to gain access to that person’s iCloud account and download the photographs and videos. Obtaining an email address is a relatively easy task for any hacker, and passwords can be obtained either from other hacked devices or, as is often the case, by using the “forgot password” link on Apple’s iCloud, as with other accounts. The answers to the security questions used to obtain the password through the “forgot password” function are generally easy to find for celebrities, whose personal information, such as where they went to high school or other information used in security questions, is easily found online.
The security flaw, however, may also have been with Apple. A vulnerability in Find My iPhone may have permitted hackers to use a brute force attack, whereby they would flood the page with computer-generated passwords until the correct password was guessed. This vulnerability has now been patched, and brute force attacks will not be effective because repeated failures to enter the correct password will result in the user being locked out.
So what does all of this mean to you?
This hacking presents two separate problems. The first is that identity thieves will be taking advantage of the public’s interest in these photos and videos. You will be receiving emails, text messages or social media postings with links that promise to bring you to these stolen photographs but will instead download keystroke-logging malware when you click on them. Once this malware is installed on your computer, smartphone or other portable device, your personal information will be stolen and used to make you a victim of identity theft.
The second problem is the same problem faced by the celebrities whose accounts were hacked. How do you keep your accounts secure?
Don’t give in to the temptation to view these photos and videos online. Ethically, it is the wrong thing to do. However, it also is too risky an activity. You cannot trust any email, text message or social media posting that promises access to these photos and videos. Many of these will be laced with malware and you cannot know which ones to trust. Trust me, you can’t trust anyone. In addition, identity thieves will be setting up phony websites that promise to provide these photos and videos, but again will only end up installing malware on your computer when you click on links in these websites. Identity thieves are often adept at search engine optimization, so a phony website might appear high in a search from your web browser.
As for securing your own accounts, you should use a unique password for each of your accounts so that if any one of them is hacked, your other accounts are not in jeopardy. Make sure the password is a complex password that cannot be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password. Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name.
Also, take advantage of the two-factor authentication protocols offered by Apple and many others. With two-factor authentication, your password is only the starting point for accessing your account. After you have entered your password, the site you are attempting to access will send a special one-time code to your smartphone, which you must enter to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used two-factor authentication, they would still have their privacy.
It is also important to note that even if you think you have deleted a photograph or video from your smartphone, that may not be the case. Smartphones save deleted photographs and videos on their cloud servers, such as the Google+ service for Android phones and iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.