This weekend the celebrity world was rocked by one of the biggest nude photo ‘hacks’ in recent memory. A hundred or so celebrities’ phones were hacked and nude photos of said celebrities were leaked onto sites like 4chan and reddit. Despite what some of the news sources will tell you, 4chan itself is not a person or a hacking group. 4chan is an anonymous forum that people can post on. It started as an anime forum and has morphed into something totally different, especially certain sections of the site. In the case of this celebrity hack, 4chan was a means of posting and spreading these photos. Originally the person who acquired all of the photos attempted to extort money out of people by asking for bitcoin donations, but according to some articles I’ve read, they didn’t even manage to get a full bitcoin out of it (but who knows if that’s true). Unfortunate as it is, this hack has brought to light the reality of cloud storage and the importance of making sure your accounts are secure.
With that being said, here are a few simple tips that can help you protect yourself and make sure that you don’t become the victim of one of these malicious hackers.
1. Don’t Take Explicit Photos/Videos With Your Phone
This one should be common sense. Don’t use your phone’s camera to take photos and/or videos that you want to be private. Even if you never get “hacked” remotely, who knows who could come across the media on your phone. Even if you delete the photo off of your phone right away, you don’t know where that photo could have been backed up to, and deleted files often still reside on hard drives long after they have been deleted, so it could still be possible for them to be recovered after the fact. The only true way to make sure that private photos/videos remain private is to not take them at all.
2. Turn Off Remote Photo Backup on Your Phone
There are many ways to have your phone automatically back up its media to the “cloud” or to your computer, but if you’re truly paranoid about your media, don’t use these services. I personally use Dropbox to back up any photo/video that is taken with my phone. I love it, it works fine, and it’s simple, but again, I’m smart with the photos I take with the phone. If you have an iPhone, the iCloud service uses something called Photo Stream that allows your photos to appear on all of your devices (I believe it’s only the last 100), so you can save them permanently or just let them fall off. Turn this feature off. Just because they are deleted out of your current photo stream doesn’t necessarily mean they are gone for good. Instead of using one of these cloud services, just plug your phone into the computer and back up the photos that way.
3. Use Secure Passwords
This is another obvious one: don’t use anything that can be easily guessed for your password, and at the same time, don’t use the same password for every service, especially your email. If you’re bad at remembering passwords, at least make sure your email password is totally different from all of your other passwords. If someone gets hold of your email account, it’s very easy for them to request new passwords from any other service and reset them. Also, make sure to use a variety of letters, characters and numbers, as well as various capitalizations. Hackers like to use “brute force” attacks that basically push thousands of passwords at an account in a short amount of time using a dictionary file. If you don’t use dictionary words and spellings, etc., it will make it harder for these scripts to guess your password. A flaw in the Find my Friends app is believed to be what has led to this recent celebrity photo hack; it has since been patched, but you can never be too safe.
4. Use 2-step Verification If Possible
Google and Apple both offer 2-step verification for your accounts, but not a lot of people use these features. Yes, it’s a slight inconvenience if you want to make a change to your account, but wouldn’t you rather take an extra 10 seconds and have a PIN texted to you than have all of your information hacked? You can find more information about Google 2-Step Verification here and how to set up Apple’s iCloud 2-step verification here. Do yourself a favor and take a few minutes to set these up. You can never be too safe.
5. Don’t Click on Suspicious Emails
Hackers have been “phishing” for passwords for as long as I can remember. The most popular method of this is using email to trick people into clicking links or downloading software. If you ever get an email from one of the online services you use asking you to update your password or log in to change something, or really anything, NEVER CLICK THE LINK IN THE EMAIL. Always take the time to open up a new browser tab/window and go to the actual company website itself. If they really do need you to update or change something, there will usually be some sort of message or prompt on the website asking you to do it. This is the most common way that hackers will gain access to your accounts. You’d think you’d be able to tell the difference between a real email and a fake one, but you’d be surprised how good some of these emails look.
6. Security Questions Aren’t Foolproof
Most sites will ask you to set up a variety of security questions that you can use to reset your password/account in the event that you forget your login/password. Most of these questions are relatively simple so that people can easily regain access to their accounts. Questions like “What is your mother’s maiden name?” or “What street did you grow up on?” may seem like good questions to ask, but they are actually pretty terrible. With the amount of personal information available about a person online, questions like these can be easily figured out through simple Google searches and various other websites. I am actually pretty confident that if a person is using questions like this for the security questions, I could easily figure out the answers and gain access to the account, or at least get their password reset, in less than 30 minutes of searching. So if you have to use these security questions, either make up answers that aren’t real and aren’t easily accessible on the internet, or use the most obscure ones you can. Not every site is going to let you choose which questions you use, but when you fill them out, take a second to think about whether someone can easily find the answer to said question online.
These are just a few ways to help you protect yourself and your online accounts against hackers like those that got access to the celebrity accounts this weekend. From what I’ve been reading right now, and as mentioned a bit above, it sounds like this was a brute force attack on a vulnerability in the Find My iPhone app that allowed a script to hammer an account with potential passwords for as long as it took. Usually when someone hammers an Apple ID with password requests it locks out the account until it is reactivated, but this vulnerability allowed this script to continue its run without consequence. Thankfully Apple has since patched the flaw, but not before the damage was already done.
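The lockout behaviour described above can be sketched from the service side. This is an added example, not code from Apple or from the original post: it models a per-account failure counter and shows what happens when one password-checking endpoint is left outside it. The class, the endpoint name "locator-api" and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginGate:
    """Per-account failure counter meant to cover every password-checking endpoint."""

    def __init__(self, max_failures=5, window_s=900, exempt_endpoints=()):
        self.max_failures = max_failures
        self.window_s = window_s
        # Any endpoint listed here skips the counter: the kind of gap described above.
        self.exempt = set(exempt_endpoints)
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked = set()                  # accounts waiting to be reactivated

    def attempt(self, account, endpoint, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        enforced = endpoint not in self.exempt
        if enforced and account in self.locked:
            return "locked"                  # the password is not even evaluated
        if password_ok:
            self.failures[account].clear()
            return "ok"
        if enforced:
            recent = self.failures[account]
            recent.append(now)
            # Forget failures that fell out of the sliding window.
            while recent and now - recent[0] > self.window_s:
                recent.popleft()
            if len(recent) >= self.max_failures:
                self.locked.add(account)
        return "denied"


def guesses_evaluated(gate, events):
    """Count attempts whose password was actually checked (result is not 'locked')."""
    return sum(gate.attempt(*e) != "locked" for e in events)


# Constructed sample: 50 wrong passwords, one per second, for one account,
# all sent to a hypothetical secondary endpoint called "locator-api".
EVENTS = [("user@example.com", "locator-api", False, t) for t in range(50)]

if __name__ == "__main__":
    flawed = LoginGate(exempt_endpoints={"locator-api"})
    fixed = LoginGate()
    print("endpoint outside the counter:", guesses_evaluated(flawed, EVENTS))
    print("endpoint inside the counter: ", guesses_evaluated(fixed, EVENTS))
```

With the endpoint outside the counter every guess is evaluated; with it inside, the account locks after the fifth failure and stays locked even for a correct password until it is reactivated.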
There are always going to be people out there who want access to your information, but as long as you’re smart with your data and know the different ways these “hackers” can gain access to your accounts, you’ll be ahead of the game. So just be smart about what you do online and you should be just fine.
If anyone else has any helpful hints for protecting yourself online, please let me know in the comments.