It hasn’t been that long since so many celebutantes found their extremely personal photos suddenly extremely public thanks to iCloud. Now a member of the royal family is finding herself the victim.
Aly and AJ Michalka, Aubrey Plaza, Abby Elliott, Avril Lavigne, Amber Heard, Brie Larson, Candice Swanepoel, Cara Delevigne, Emily Ratjakowski, Farrah Abraham, Gabrielle Union, Hayden Pannettiere, Hope Solo, Hillary Duff, Jenny McCarthy, Kayley Cuoco, Kate Upton, Kate Bosworth, Keke Palmer, Kim Kardashian, Kirsten Dunst, Krysten Ritter, Lea Michele, Lizzy Caplan, Mary Kate Olsen, Mary Elizabeth Winstead, Rihanna, Scarlet Johansson, Selena Gomez, Vanessa Hudgens, Wynona Ryder, Alison Brie and Dave Franco. This is a sampling of names of celebrities that found themselves victimized by hackers that had gained access to their iCloud accounts, and traded in their very personal photos. We can now add Pippa Middleton to that list.
Pippa Middleton, who’s sister is Kate, the Duchess of Cambridge, found herself the latest victim of hackers which have reportedly gained access to her iCloud account and up to 3,000 personal photos. Those hackers have already approached The Sun newspaper wishing to sell these photos for a minimum of 50,000 pounds. They messaged the newspaper through an unnamed encrypted messaging service, and provided photos of Pippa getting fitted for her wedding dress as proof. The hackers told The Sun that they had photos of her, her sister Kate with her children, and nude images of her fiancé James Matthews.
Once again, the very personal lives of Apple’s users are being put out for public display. How should users ensure that this doesn’t happen to them?
Many of these personal information thefts are due to social engineering, as opposed to a true hack. Users are tricked in to entering their credentials in to malicious apps or websites which pose as actual logins for the services people are using. Once done, those behind these malicious apps and sites have that user’s login information, and can use it to gain access.
Another method being used is by utilizing logins gained from other hacks, like the recently talked about Yahoo hack, hackers will simply try the login information they have from that hack, on other services, and hope to get lucky.
There are things that could and should happen to combat these occurrences. First, these services should be registering where these sign ons are coming from. I have a personal cloud, and when I login from another device, I receive an immediate email informing me of this. I find it hard to believe that iCoud would not have this kind of warning. And if it does, why are user’s not paying attention?
Furthermore, users need to be vigilant about where they are inputting their login information. If the user did not purposely go to a site or service, why would it be asking for a login?
Users need to ensure that they are not using the same sign on for multiple accounts. I know, it’s easier to remember one sign on. But we need to remember that when we do this, if one set of credentials is compromised, attackers now have access to all your accounts, and we can be sure that all accounts shall be tried.
Finally, if you insist on using iCloud, turn off the automatic back up function on your iPhone. Many of these victims were unaware that these photos were even stored in the iCloud. The iCloud is opt out for iPhone users, and many are shocked when they discover how much of their information is actually stored in a location that has been breached so frequently.
And now for some more personal advice. Don’t use iCloud. Really. Just don’t. Hackers are fully aware of how the iCloud works, and I would bet that the iCloud is the first place hackers will attempt to use stolen credentials. If you choose to use a cloud service, there are many out there with free options, as well as less expensive options than Apple’s iCloud, and they also don’t have the history of being responsible for thousands of users naughty photos being leaked.
The Verge is reporting that there has been an arrest in the case of Pippa Middleton’s hacked iCloud account.
A 35 year old man has been arrested in Northamptonshire, England and taken in to custody. The Sun had been contacted via WhatsApp.