Hundreds of nude images of celebrities have spread online, in an event dubbed “The Fappening” on social media. Explicit photographs purportedly showing A-list celebrities including Jennifer Lawrence, Selena Gomez and Kate Upton were leaked online in a reported hack into their iCloud accounts. Metro speaks to Rik Ferguson, vice president of Security Research at Trend Micro, an information security firm, about how the hack might have taken place and what people can do to make their online data safe.
How do you think this iCloud hack managed to happen?
To be honest, this is less likely to be a wide-scale iCloud hack than an attack directed at the affected individuals. The celebrities’ accounts could have been targeted in several different ways. But the most likely scenario for me is this one: the hacker already knew the email address the victim used for iCloud, clicked the “I forgot my password” link, a standard “security question” (like their mother’s maiden name) popped up and the hacker answered it. The trouble for celebrities is that much of their personal information is not so secret. The attacker could have also accessed their iCloud via their webmail account, which was perhaps easier to hack.
Technology makes it easier to have your information stolen.
It’s interesting to note that before digital photography, taking nude images was a big no-no as you would have had to give the camera film to somebody else to get the images developed. However, even today when you take a photo with your smartphone, it’s immediately sent to your cloud service, so it’s not just contained on your personal device.
What lessons can people learn from this scandal?
We are learning far too slowly to take care of our online persona. For example, even if you’ve deleted an image from your smartphone, it’s still out there somewhere on the internet, on a cloud service or on some other account. People should start using secure password management services. Users should also enable their two-factor authentication for iCloud, a feature people all too often avoid setting up. Or even with a security question, like ‘your mother’s maiden name’, why not make up a name instead of using the real one?