Many of us have heard of the leak in which several pictures of celebrities came out in the open. These are not mere stock photos; they’re pics with “substance”, if you know what I mean.
The whole phenomenon has been aptly labelled “The Fappening”. I will not dignify it with a link; Google/Wikipedia is your friend.
Certain digital items that, I suppose, the owners would prefer to keep private have become items of public consumption and enjoyment, and you know what they say about the internet: “It never forgets”. Once something is exposed to that wilderness, it is safe to presume it remains exposed forever. So the question arises as to what caused this.
According to my little research, the leak was due to a targeted attack on many compromised user accounts, those with easy-to-guess usernames, weak passwords and security questions. Apparently a little phishing and brute-force guessing can go a long way. In short, several cloud accounts got accessed and I suppose a lot of data got compromised.
It’s interesting to know that it’s only the nudies that are being publicly distributed. But make no mistake: if they can get in to access pictures, they can just as well get access to everything else. All data must be treated as compromised this time.
We should also not make the mistake of assuming that these hackers have accessed, or are accessing, only the accounts whose pictures they have released. If you have an account with the same weaknesses as the A-listers, then it is logical to assume that they have access to your account details and data too. I very much think they’re just keeping quiet because the rest of the users are not of much public importance or notoriety.
So, lessons to be gleaned from this drama.
The first precaution for preventing your nudies from leaking is…
Don’t take nude selfies, or nude anything, dazall. If you have been taking nudies of yourself or someone close, delete them. If you’re considering doing so, my advice is, don’t!! Seriously. Hacking online user accounts is not the only way. Some of us may remember an incident with a certain Nigerian actress who was said to have given her faulty laptop to tech boys in the business to fix, and they ended up probing, discovering and distributing such explicit photos to social media.
Almost monthly we’re awash with photos of various men and women who, while going about their business, find their photos floating around the net. Once again, I reiterate: don’t take nudies, half nudies, sexy half nudes or anything you don’t want seen. If a nude picture doesn’t exist, it won’t be leaked.
The first step in leaking comes from the actual existence of these photos and videos. If you don’t take them, you can’t send them to anyone. Don’t allow cameras on you while naked or doing anything that involves some baring of private parts. If they hacked those iCloud accounts and they didn’t see any naked pics, there would be nothing interesting to release.
The worst public-facing embarrassment they would have suffered is having their mundane private photos out, and that isn’t even happening at this time, probably because no one cares about those. It’s all about the nudies. This one doesn’t apply if you actually intended for the photos to go public; some people may get their kicks from that.
Don’t put them on/through the internet
Second lesson: if you have a private piece of digital data, in whatever form, that you don’t want anyone else getting their grubby hands (or eyes) on, then steer the file clear of internet-based storage. This means it may not be saved on or transmitted through any internet-based medium such as email or commercial cloud storage. Once it’s out there, it is as good as compromised. This rule is doubly valid if you’re a public figure. Nothing is truly secure.
Nothing is totally secure
Yes, nothing is 100% secure. An item, infrastructure or system is only as secure as its weakest link, and the user is usually the weakest link. As has been shown in this situation, it’s usually easier to target such user weaknesses than to actually hack into the tech of the system itself. So if your tech provider asks you to do something to improve security, by all means do it! Multi-factor authentication has been available on most online services. It adds another layer of security, but these days it is hardly catching on because of the perceived inconveniences involved. My research has revealed that none of the accounts compromised were using two-factor authentication.
Avoid “the Cloud” where you can
Lesson three: avoid using commercial third-party cloud storage where you can, whether free or paid. If there is a private cloud setup that has your data going into servers entirely within your control, then all good. But once you’re trusting an entity that is not you with your data, assume the worst and don’t upload if you can afford not to. Apart from the possibility of breaches like this, the cloud hosting company is in control of your data; that means they choose whether to keep it or to purge it in parts or in its entirety. If you upload something that goes against their terms of service, which you probably never bothered reading while signing up, they will exercise their right to delete it or report it.
Do you really need to have all your photo and video albums uploaded to the cloud? Alternative backup means exist today. You can set up your own cloud storage and be your own cloud provider at very little cost. Tutorials for this exist all over the internet, and if you’re paranoid enough, with the requisite resources, time and willingness to tinker, then you will have your own cloud up and running in a short time.
My chief cloud provider is Microsoft’s OneDrive, but I don’t have a single picture of mine on it. My OneDrive data is mostly composed of text-based items like note entries, email and contact data, and data shared from third-party individuals and applications. The good old simple HDD backup or slightly less simple RAID setup is still an equally effective backup solution without selling your soul to “the cloud”.
Don’t trust Dropbox, OneDrive, iCloud or any other third-party cloud provider. Till now, Apple, Google, Dropbox or other affected cloud providers have refused to release definite statements on how long the “hacking” has been going on, the list and number of iCloud accounts accessed, the extent of data compromised, or any reasonably helpful technical detail.
It may also be helpful to remind ourselves to cultivate the simple habits of using long, complicated passwords; not using the same or similar passwords for two or more online accounts; changing our passwords regularly; reporting hacking or phishing attempts; reviewing and updating our systems and security software setup; and following security warnings and tips from trustworthy sources.
…and while writing this, news just reached me that a second wave of leaks just came online. Wow, the perverts must be having a field day. 😀
Regarding the celebrity leaks, what’s your take? Any further lessons you wish to impart to fellow readers? Sound off below.