A handful of celebrities are feeling compromised and confused Monday after learning their iCloud accounts were hacked and personal and even racy photographs were leaked online.
With 320 million users, iCloud automatically stores data, including music and pictures, from iOS devices and syncs them between mobile devices.
Web forums like 4-Chan claim to have compromised the iCloud accounts of celebrities like Jennifer Lawrence.
“If Apple has a vulnerability, it’s in their best interest not to disclose it but to patch it as quickly as possible,” said Chris Hamer, a network administrator with the Bradford County Sheriff’s Office. “It’s unlikely, given the sheer volume that they deal with, that they have a vulnerability that would allow somebody to specifically target celebrities.”
Many iPhone users rely on their device as a digital scrapbook. So how can those users make sure their images aren't stolen from iCloud?
Hamer explained to News4Jax how iCloud users can prevent their personal pictures from becoming public consumption.
He said strong passwords are a must -- and don't reuse them.
He also said iCloud should be disabled on the device. Go to “Settings,” then “iCloud,” then “Storage & Backup” and stop the “Photo Stream” feature.
“The levels of complexity that are needed to keep most people safe is escaping most users,” Hamer said.
He said the best bet for anyone questioning Apple's security is to add an extra layer of protection by turning on two-step verification on their iCloud account.
“It’s what’s called a two-factor authentication,” Hamer explained. “If they go to access their account, it sends them a four-digit code to their phone to a registered device. No code (means) no access.”
Hamer said hackers can gain initial access to accounts through social engineering or phishing.
“They send you an email that says, 'We think your email has gotten hacked. Please log in and confirm that you haven’t gotten hacked.' When in actuality, you’re providing information to the hackers,” Hamer explained. “That’s a phishing attack.”
And if a back-up isn't password protected, all it takes is cyber criminals to sync their devices to the unprotected device.
“The onus is really on the user to make sure that they safeguard their data: know where it's going, know where it’s backed up, know who can access it,” Hamer said. “If you don’t know how to audit your Apple account to see which devices are currently accessing it, find somebody who does.”
Hamer said celebrities are common targets because so much of their personal information is public. It can be easier to answer certain security questions about them.
He said the only way to absolutely prevent certain personal images from being compromised is to not take them at all.
Step-by-step guide to protecting your iPhone:
- Use strong passwords and don't reuse them.
- Lock your iPhone with a passcode: Go to “Settings,” then “General” and “Passcode Lock.” Tap “Turn Passcode On” and choose a four-digit number.
- Don't click any links from emails or websites you're not familiar with.
- Disable iCloud on your phone: Go to “Settings,” then “iCloud,” then “Storage & Backup” and stop the “Photo Stream” feature.
- Use two-step verification: Go to https://appleid.apple.com/, select “Manage your Apple ID” and sign in, select “Password and Security,” under “Two-Step Verification,” select “Get Started” and follow the instructions on screen.
- Audit your Apple account by going through your settings and making everything password protected: Go to “Settings,” then “General,” then “Restrictions,” and “Eable Restrictions.”
- Turn off your Wi-Fi when you aren't using it by tapping “Settings,” “Wi-fi” and sliding to “Off.”
- Instead of setting your iPhone to store your password, enter it every time you connect to a network.
- Update your device often to keep up with security updates.