It was seven years ago that I reported to you about stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rhianna, Avril Lavigne, Hayden Pannettiere, Hope Solo, Kayley Cuoco, Kim Kardashian, Scarlet Johannsson and others that were posted on the Internet by the hackers.  The photos were taken from Apple’s iCloud.   The problem then and now was not with Apple iCloud security, but rather with the people posting their photos there.  Anyone who is able to get someone’s email address and password would find it easy to gain access to that person’s iCloud account and download the photographs and videos.  Obtaining an email address is a relatively easy task for any hacker and then through social engineering, the hackers posed as Apple security employees and merely asked for the passwords used by the celebrities who provided them to the hackers.

It is said that those who forget history are doomed to repeat it and that is exactly what recently happened.  Hao Kou Chi, a Californian sold his services as a hacker for hire to anyone who wanted nude photos stored in iCloud accounts of particular people.  Similar to what happened in 2014, Chi emailed his victims posing as iCloud security from the email addresses “applebackupicloud” and “backupagenticloud” which appeared legitimate.  He then tricked his victims to providing him with their iCloud account usernames and passwords which enabled him to gain access to their photos stored in the cloud.  All in all, Chi stole 620,000 photos and 9,000 videos.  Chi has been arrested and has pleaded guilty.


So how do you protect the security of your account in the cloud?

For starters, you should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.  Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password.    Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of  what is your mother’s maiden name.  Also and most importantly, take advantage of the two-factor identification protocols offered by Apple and many others.  With two-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  Had Chi’s victims used the two-factor identification protocol, they would still have their privacy.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link.