Celebrity Photo Hack has Raise Security Fears for iCloud Users

Celebrity Photo Hack has Raise Security Fears for iCloud Users

Has the leak of high-profile celebrities private photos made you think twice about what you store online?

iCloud security risk

What happened?

100 celebrities got hacked, which lead to some of them having nude photos being leaked. Jennifer Lawrence, Winona Ryder and Kirstin Dunst were just some of the celebrates that had pictures stolen, and then posted on a message board on 4chan. Some of the photos were confirmed as real by the celebrities, but some clamed the pictures were faked.

At the time of writing, it’s not yet clear just how such a large number of celebrities got hacked in just one go. Initial reports have suggested Apples iCloud was the culprit, as iPhones will automatically sync images to the cloud as part of a back up, and some of the users might not of been aware of this. A security researcher has revealed a way of braking into iPhone accounts that uses a script to guess the password and will not trigger the automatic lockdown if the password is typed in wrong to many times.

In some of the naked selfies that were taken by celebrities, the phone used could be identified as Android and not an iPhone, this suggests the leak was not limited to just the iCloud. The developers behind the iPhone password hack only made the details of the process available the day before the photos got leaked, this left little time to hack so many people, Security experts Rik Ferguson and Trend Micro have suggested the celebrities were victims of a phishing attack instead.

The victims of the hack and people following the story may never get the full answer to how it happened, but the FBI and Apple have both said they will investigate it. Since the hack Apple have added some new security features to their iCloud services called two-step verification to try and stop this in the future. Twitter has suspended several accounts that were posting the stolen nude images, however this did not stop the images from spreading across the web.

How will it affect you?

Don’t try and find or share theses photos as Lawrence has said she will take legal action against anyone that posts the images online, other celebrities may also follow suite.

You might want to consider if your own photos (naked or otherwise) are stored being securely, you should make sure your phone is protected, with a password or PIN. While typing a PIN in every time you want to use your phone might be annoying but if you lose it or it gets stolen you will be glad you took the time to make it secure. When using websites or online services you should always have a complicated password, it might be hard to remember it but you can get password managers like 1Password or LastPass to help you.

If the hack was through iCloud many of the victims might not even realise their photos have been stolen, as they might not know Apple uploads them to its online storage service automatically. You should turn off automated back ups if you have sensitive photos you don’t want leaked.

On iOS:

  • Go to iCloud
  • Settings and then disable Photo Stream

On Android:

  • Open the Photos app
  • Tap Settings
  • Auto-Backup and un-tick ‘Back up local folders

What do I think?

We are all smart with the benefit of hindsight, but I bet most of the celebrities that got hacked will be kicking themselves for being stupid enough to take photos they would not want anyone else to see and then not protect them properly. I bet most of us don’t always take the necessary precautions when it comes to online services, how many of us can say they have a strong and unique password for every site or services we use? Hackers may not be hell-bent on finding naked photos of us (we don’t all have Lawrences figure), but we are all targets, whether it’s for our email logins, eBay account or bank details. We should not blame the victims, instead we should reprimand the hackers and criticise the poor or bad security systems. When iCloud or any other big online services gets hacked they are rarely held responsible, instead we blame the victims for using weak passwords.

I think tech companies could do a lot more to protect their users. Hopefully, this invasive and upsetting hack will be enough to make people think twice about what password they use and how important it is to have secure communications and storage, hopefully tech company’s will understand they need to take better care of their customers, we can all hope right?

Share Button

Leave a Reply