It only took a day from the news becoming public that someone had hacked into the iCloud account of Pippa Middleton, the sister of Princess Kate, the Duchess of Cambridge for authorities to make an arrest. According to Scotland Yard, a thirty-five year old man has been arrested on suspicion of a Computer Misuse Act Offense related to the hacking. The hacker claimed to have stolen about 3,000 private photographs including some of her sister Kate as well as her children Prince George and Princess Charlotte along with nude photos of her fiance James Matthews. Someone purporting to be the hacker contacted several media outlets offering to sell the photographs for approximately $65,000. At the present time, it is not known how the security breach occurred. You may remember that it was not long ago that photos of nude celebrities such as Jennifer Lawrence and Kate Upton that had been stored on iCloud were hacked and released to the public. In those instances, the hacker obtained the usernames and passwords of his victims by merely sending phishing emails to his victims that appeared to come from Apple in which his victims were asked to verify their accounts by clicking on a link which took them to a website that appeared to be a login page for Apple. Once they entered their information, the hacker had all the information that he needed to access his victims’ accounts. Although Kate Upton and Jennifer Lawrence as well as a number of other hacked celebrities did not use it, Apple has a dual factor authentication security option by which a user’s account can only be accessed after he or she has received an authentication code on their smartphone each time a user accesses his or her account. Had this security option been used by the hackers of Kate Upton, Jennifer Lawrence and other hacked celebrities involved in the celebrity nude photo hacking, their security would not have been breached. It is a good option for everyone.
For anyone who uses iCloud, you should first protect yourself from phishing attacks, such as the one that was used against Kate Upton and Jennifer Lawrence by always being skeptical when you are asked to provide personal information, such as your user name, password or any other personal information in response to an email or text message. Trust me, you can’t trust anyone. Always look for telltale signs that the communication is phony, such as bad grammar or the sender’s email address which may not relate to the real company purporting to send you the email. Beyond this, even if the email or text message appears legitimate, it is just too risky to provide personal information in response to any email or text message until you have independently verified the message by contacting the real company that purportedly is sending the message. In addition, you should also use dual factor authentication, which is another tool that would have prevented the Kate Upton and Jennifer Lawrence hacking.