The Celebrity Photo Hacks: What We Know So Far and How to Stay Secure

Celebrity watchers are seeing more of their favorite starlets than ever before after their private Internet accounts were recently hacked. This case provides a timely reminder of the importance of online security.

Although details are still sketchy, some pretty poignant facts and implications have emerged, along with some valuable takeaways. Read on to discover how these celebrities were exposed, and how to make sure that it doesn’t happen to you.

An iCloud Tragedy Examined: What Happened With These Stars?

If you’ve been following the entertainment headlines, you’d know that private photographs of approximately 100 female celebs —including Jennifer Lawrence, Kate Upton, Ariana Grande, and Kirsten Dunst — were published online.

Many of these were naked photographs of the star victims themselves. The images were hacked from their iCloud accounts (although Apple denies that iCloud has been breached), presumably via their iPhones, and published anonymously on the notorious image-based bulletin board, 4Chan, before going viral.

iCloud accounts allow Mac, iPhone, and iPad users to sync their images, calendar information, and account settings between their Apple devices. It’s unclear how long the hackers had spent building their collection, or whether deleted images continue to be available in cloud storage, as “Scott Pilgrim vs. The World“ star Mary Elizabeth Winstead insisted her snaps were deleted from her account years ago.

A spokesperson for Jennifer Lawrence, one of the most high-profile victims, called the security breach “a flagrant violation of privacy.”

Apple currently is working with law enforcement officials to unearth the hackers involved. A lengthy prison sentence likely awaits the culprit. In 2012, a man received a 10-year jail term after hacking a range of celebrity email accounts, including those held by Scarlett Johansson and Mila Kunis. Anyone who posts the stolen pictures also will face legal ramifications, according to Lawrence’s attorney. It’s unclear what these may be, although Twitter has already suspended the accounts of a number of offenders.

How They Could Have Been Exposed and Key Takeaways

Early speculation suggested that the hacks may have been a result of breaches of Apple’s system. The tech company denied this in an official statement and instead blamed standard phishing techniques. It explained that the breach came from “a very targeted attack on user names, passwords and security questions.” With the media revealing so many details about the lives of celebrities, it’s easy to see how hackers could garner the information they need to stage such a wide-scale attack.

So we know what happened, but how can you make sure that it doesn’t happen to you? Here are three valuable things you can do to stay secure:

Be Careful With What You Share
Jennifer Lawrence committed a cardinal sin when she told Time Magazine that her email address contained a key word. While this was a small clue, it seems that it was enough for the hackers to target her. Of course, you don’t have a public forum like Lawrence, but any details you reveal about your online identity on Facebook or other social networks could also be exploited. For example, a hacker with your email address could send you a phishing email posing as iTunes to extract your password. Keep your details private to avoid being targeted.

It’s not just your email address that you need to keep hidden, though. The “forgot my password” system used by Apple and many other providers will give access to anyone who knows your birthday and a few other key facts.

For celebrities, a lot of this data is readily available. You’ve got a much better chance of keeping this data hidden, but only if you are selective with what you reveal on social media and in other outlets. The things you post about — your children, your pets, and your favorite sports teams — shouldn’t form the basis of your passwords or secret questions. Opt for more obscure details that are known just by you.

Be Password Smart
In its official statement following the celebrity attacks, Apple said that using a strong password and enabling two-step verification are two of the best defenses against a security breach like this. As we’ve covered in previous posts on this blog, the strongest passwords contain at least 10 characters. These characters should be a mix of lowercase and uppercase letters, numbers, symbols, and other characters.

The two-step verification uses a separate channel, such as an SMS sent to a cellphone, to send a verification code whenever an account from a service like Google Drive, Dropbox, iCloud, or Evernote (among many, many others) is accessed from a new device or location.

It might be easier for you to remember a single password, but it also means that if someone hacks one account they can access your email, your iCloud, your PayPal account, and much more. Vary your passwords dramatically to keep a range of accounts protected; if you’re using the same password for multiple accounts, remember that the password is only as strong as the security measures and level of encryption on your weakest account. It’s far too easy for hackers to work out small password variations like having a different number at the end of a word.

Adopt More Secure Internet Habits
If the photos were synced to iCloud on a public WiFi network, hackers might have snooped on the WiFi connection and accessed the images that way. Personal VPNs (Virtual private networks) like Hotspot Shield can provide an extra layer of protection (particularly when logging into unsecure networks) by encrypting all your internet communications, so it’s best to use a VPN at all times to keep sensitive data safe.

It’s also smart to regularly review the permissions on your smartphone and tablet apps. Many of the celebrities affected by the latest cyber-attack may have been unaware that their mobile devices were uploading images to the Internet. Putting a stop to automatic data uploads is a great way to beef up your security and put the power to share or not share back in your hands.

It’s also a smart idea to periodically move photos from your mobile devices to an external hard drive. This can be encrypted to keep your image files safe even if the drive is lost. Once they’re moved, make sure the photos are really deleted and not just held in a trash folder for easy retrieval.

It’s Difficult to Hack What Doesn’t Exist Online

While these measures will make online accounts more secure, they may not protect a user from the most sophisticated hackers. While we all have the right to expect a level of privacy online, this is tough to guarantee. If you’re at all concerned about your intimate information or images being leaked, then perhaps they are better kept offline.

While this series of events is something of a tragedy for the celebrities involved, it also contains some teachable moments for the rest of us. You might not have the high profile of the celebrity victims, but you could be every bit as vulnerable if you don’t get security-smart online. Develop some better habits, and you could avoid the embarrassment and shame that these unfortunate starlets currently are experiencing.