Here’s a question for you. What do Jennifer Lawrence, Kate Upton, and Kirsten Dunst have in common? They’ve all had nude photos of themselves stolen and then leaked on the Internet. Ooops!
Over a couple of days the list grew to 100 celebrity women — and one man — whose photos were supposedly downloaded and stolen by a hacker. Many of the personal images were nude or sexually explicit. The stolen photographs were posted onto 4Chan and then Reddit and from there went viral.
So what happened?
Speculation is that Apple’s Find My iPhone feature is the culprit. This feature doesn’t limit the number of password attempts. Hackers can make rapid-fire attempts until they correctly guess an account’s password. That is exactly what many are saying happened here.
Security experts suggest if Apple used a two-step verification process this breach never would have happened. With a two-step verification you need a password and a verification code (which is sent to your phone, email, or a secondary device) in order to log in. A hacker would need access to the secondary verification device, along with the password, in order to break into the iCloud camera roll. That’s not a very likely scenario.
What does Apple have to say about this tangled mess? They’re not taking the blame. After a 40-hour investigation, they concluded there was no breach of its data servers. They say celebrity accounts were compromised by targeted attacks, using common hacking techniques like phishing or answering security questions in order to get passwords.
What is Apple going to do?
Apple plans to strengthen security measures in two weeks to add alerts when they notice suspicious activity. They will send push notifications if someone tries to change the iCloud account password, upload backed-up account data to a new device or the first time they log into their accounts from an unknown device.
Apple is working with FBI’s Los Angeles office to determine who is behind the release of the celebrity photos. If found, the hacker is looking at jail time. In 2012, Christopher Chaney pled guilty to accessing protected computers without authorization, damaging protected computers, wiretapping and aggravated identity theft when he hacked into Scarlett Johansson, Mila Kunis and Christina Aguilera’s email accounts. He’s serving a 10-year federal prison sentence.
What can you do?
It seems pretty simple. Don’t take photos you don’t want the world to see. Twenty-one year old actress-singer Keke Palmer’s mother said her daughter was on the list, but never took or kept nude photos on her phone or elsewhere. She was taught early in her career about the dangers. Oh, Mom! , do you really believe that?
Or you could try Rihanna’s strategy. She was probably on the list, but shares revealing photos of herself so much on Twitter and Instagram that there’s no news there.
To be on the safe side whether you have naughty pictures or not – turn on the two-step verification for all your Apple devices. You pictures don’t have to be naked to be stolen.