Celeb Photo Hack Points to Cloud Storage Insecurities


This weekend, a subject that’s usually reserved for the fevered dreams of adolescent boys hitting Google – that of nude celebrity photos – made national headlines. It seems that sensitive photos of celebrities like Jennifer Lawrence, Kate Upton, Rhianna, and many more have been pilfered and posted online, with many of the photos confirmed to be legitimate. Apparently, these photos were mostly grabbed from the users’ iCloud storage lockers, revealing the issues inherent in storing sensitive data in the cloud.

According to a post on TechCrunch, the images have been floating on the 4Chan message boards, but have since spilled out onto the wider web, particularly on image hosting sites like Imgur. The most likely method by which these photos were obtained, however, appears to be one of the simplest forms of hacking: guessing.

Because there hasn’t been news regarding security breaches of Apple’s iCloud service, tech security experts (quoted by the Guardian) speculate that it’s more likely that the celebrities’ usernames and passwords could have been guessed by those looking to gain access. Because so much information about celebrities is public knowledge, it’s not as tough to answer security questions and reset passwords, or to simply guess passwords using that information.

The other explanation that’s floating around is that of phishing, that is sending phony emails to users’ accounts that direct them to sites that appear to be legitimate, and then prompting them to enter their usernames and passwords there. This is a technique that fools everyday users on a regular basis, so it’s not too outlandish to guess that celebs quickly checking email on their iPhones may not be paying close attention to where they’re entering their sensitive information.

There are a few important lessons to take away from this story. For starters, it’s always wise to use passwords that aren’t closely related to your personal life. If it’s easy for you to remember, it’s probably easy for someone to guess – instead, try to use a unique code or phrase that’s different from site to site. It’s a pain to do, but it’ll ensure more security in general. Second, do your best to avoid putting sensitive information in the cloud, no matter how secure you think your account is. That means that photos you want to keep secret should probably not be uploaded to your iCloud account – whether that be something you do manually, or something that happens automatically.

Finally – and this is the big one – don’t take naked pictures of yourself using your phone. What are you, nuts?

[Sources: TechCrunch, the Guardian]