Celebrity Hacks – What Lessons Can We Learn?

The relatively new phenomenon of ‘Fappening’ began last year with the release of private and mostly compromising pictures of some fairly prominent celebrities. Recent reports state that almost 600 celebrity iCloud accounts were hacked last year, with the alleged offender appearing to access each account over 3,000 times over a 12 month period.

It is the iCloud Backup system that has been blamed, with critics calling Apple’s service weak, something that became more and more evident with every leaked photograph. What appears to have allowed hackers in was a lack of resistance against ‘brute force’ attacks, something that has left accounts vulnerable to persistent hacks.

So celebrities have been hacked, is this something that affects us? When you reach a certain level of fame you are always open to this types of intrusion into your privacy. It isn’t morally right perhaps, but in many ways it is inevitable. The problem doesn’t end with the rich and famous though and if hackers are able to access high profile accounts then they will also be able to get access to yours. The idea of hacking a cloud account isn’t just reserved for celebrities, and there are many lessons that can be learnt from what those that have been attacked have been through.

Strong Passwords
The way that hacker’s accessed celebrity accounts appeared to be through ‘brute force’ attacks that meant they were able to work out a password. That combined with a relatively easy to source email address gives instant access to the account.

To combat this choose strong, hard to guess passwords that combine both letters and numbers. Make them long but easy to remember, using phrases as opposed to single words. Have variations for different email accounts, bank accounts and apps too. That way if one is hacked it will not compromise your entire virtual world.

Two-Factor Authentication
Many cloud services, including Apple’s, offer the option of two-factor authentication. After you enter your permanent password, you are asked for a second temporary password or number that is automatically generated on a device or sent to you in a text message. This adds an additional level of security and is something that should be embraced and replicated by the cloud services you use.

Backups
Another factor to the celebrity hack scandal revolves around the fact that default security settings for iCloud automatically upload photos and videos to their backup, meaning that even if you delete them on your device it is still possible that they still exist in the cloud. This does allow you the convenience of accessing images on all your devices, but it also keeps those you might think are gone.

The solution is to use encryption so that only you have the key. This means that even if the photos do still exist, you are not allowing the cloud service provider to view them. Familiarising yourself with the default settings of your backup is also useful, to make sure that you are happy with what they will automatically do.

Encryption
If you are working with data such as contracts, financial statements or other important documents, you must make sure that wherever they are stored they are encrypted and protected by strong authentication. Don’t fall into the trap of using the service provider’s encryption, or some other ‘freeware’ from the internet. Use recognised, reputable products and always separate the duties on who holds the data and who holds the encryption key internally. That leaves only the data owner holding all the elements and with direct access to the data.

The cloud is an innovation to be embraced rather than feared. It allows us to access information anywhere in the world, streamlining office practices and keeping our information safely stored, away from vulnerable devices. It can though face its own risks, so following certain protocol is a must.

With the simple tips above you can avoid your own data being freely hacked and leaked, or used against you. For more information on how Digital Pathways can further increase your security online call 0844 586 0040 or fill in the form and we will get right back to you.

Mobile Security - How secure is yours?
Comms Business Awards