The recent hacking and leak of nude photos of celebrities serves as a vivid reminder about Internet security and raises the question of whether the vast majority of Internet users are also vulnerable to such a hacking attack.
It hasn’t been confirmed that all the photos of celebrities are real, or even that Apple’s iCloud service was hacked, as reports indicate. But the reports do highlight that our faith in the security of the Internet isn’t always justified. Here’s what we know and what we don’t know.
Who Was Hacked?
We don’t know whether the photos were truly taken from Apple iCloud or came from somewhere else, or whether they were, for example, just Photoshopped by someone looking for publicity.
If you believe the still unknown hacker or hackers, more than 100 celebrities had nude photos harvested, some of them explicit — with more photos to come. Jennifer Lawrence’s publicity team called the alleged pictures of the Oscar winner “a flagrant violation of privacy” and promised prosecution, while Mary Elizabeth Winstead said on Twitter that photos of her were ones the singer and actress thought she’d deleted herself.
The FBI said Monday it’s “aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter.” Meanwhile, Apple Inc. — whose cloud storage service many of the photos appeared to have come from — said it’s “actively investigating” the claims.
How Were the Photos Hacked?
That hasn’t been nailed down, but there are three main theories. One is what’s known as a social engineering attack — the hackers simply guessed a celeb’s password or got it from a friend.
The second theory is what’s called a brute-force attack. Announcement of the leak came very quickly after a team of developers revealed on tech forums that they’d found a bug in Apple’s Find My iPhone service allowing anybody who learns your username to simply keep entering hundreds or thousands of passwords.
Once the hacker had an email address and either a username or a password, he or she could have gone to any one of a number of sites and used the “forgot my login” feature to get access to that site — and very likely several other sites, because the painful truth is that most people use the same login information for most of their online activities, security experts said.
How Safe Are You?
Millions of people and companies upload their most important data to services like Apple iCloud and Dropbox — lots of online servers that you access as though they were your own hard drive. That way, “you can always have a backup if your computer is lost or stolen,” said Mark Rasch of Rasch Technology and Cyberlaw, who’s a former director of the Justice Department’s Computer Crime Unit.
“But if you store your data in the cloud, the cloud then becomes a one-stop shop for hackers,” Rasch told NBC News. “Hackers only have to break in one place to get everybody’s data.” If hackers were able to get the files they claimed over the weekend, they “can get files about anybody,” he said.
How Can You Keep Yourself Safe From Hacking Attacks?
To protect yourself from such hacking attacks, at least somewhat, security experts gave the same advice you’ve probably heard before:
- Consider whether you really want to store private pictures on the Internet.
- Pick hard-to-guess passwords that aren’t based on real words or personal data that a thief might be able to harvest elsewhere, for example from public records, like your birthday. And make sure they include punctuation marks, capital letters and numbers.
- Don’t use the same password on any other site.
- If a service provides something called two-factor authentication — a system that sends a special one-time-only code to your phone, which you have to enter every time you try to log in — use it.