In my Scam of the day for September 2, 2014 I told you about the stealing of nude photos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Kim Kardashian and Hope Solo that were posted online. It has taken almost a year, but it appears the FBI has made a major breakthrough in the case following the execution of a search warrant of the home and computers of a Chicago man whose computers had been used to hack approximately 572 iCloud accounts. The details of the search warrant also confirmed how the hackings were accomplished which had less to do with Apple’s security and more to do with the celebrities falling prey to phishing emails and password resetting that enabled the hacker to gain access to the victims’ iCloud accounts and other times stealing the photos directly from the hacked phones.
Using the “forgot password” link on Apple’s iCloud, it appears in many instances, the hacker answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts. In other instances, the phones were hacked directly from where the photos were stolen.
There are a number of lessons that we all can learn from how easy it was for the hacker to steal these photos. All of us can be targets of hacking and we need to protect ourselves. You should use a unique password for all of your accounts so if any of your accounts are hacked, the rest of your accounts are not in jeopardy. Make sure the password is a complex password that is not able to be guessed through a brute force attack. Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password. Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also, take advantage of the dual-factor identification protocols offered by Apple and many others. With dual-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.