LOS ANGELES (CNN) — A hacker’s invasion of dozens of celebrity iCloud accounts, leading to the embarrassing leaking of nude photos, has lessons for us all. Here are five things you should know about what happened.
Who’s been hacked?
There’s a list of 100 celebrity women — and one man — whose photos were supposedly downloaded and stolen by a hacker. It includes A-listers, notably Oscar-winning actress Jennifer Lawrence, and D-listers whose names you may not recognize. Many of them only found out they were victims because of media reports naming them, but others — such as Lawrence — found out when social networks exploded with buzz about nude photos being distributed online.
Lawrence and two others, actress Mary Elizabeth Winstead and model-actress Kate Upton, almost immediately confirmed the images were of them. Several others — including singer Ariana Grande, gymnast McKayla Maroney and singer-actress Victoria Justice — said photos supposed to be of them were fakes.
Justice later tweeted that she did, in fact, suffer “a serious violation of privacy,” with real photos leaked.
While Rihanna is on the list, it might have been a waste of a hacker’s energy, because the singer is known for frequently sharing revealing photos of herself on Twitter and Instagram.
Being on the hacked celebrity list doesn’t mean the hackers actually found any racy photos. Actress-singer Keke Palmer, 21, was on the list, but has never taken or kept nude photos on her phone or elsewhere, her mother said. The former Nickelodeon star, now playing Cinderella on Broadway, was taught early in her career about the dangers, she said.
Others reportedly hacked include: Aubrey Plaza, Avril Lavigne, Cat Deeley, Farrah Abraham, Gabrielle Union, Hayden Panettiere, Hope Solo, Hillary Duff, Jenny McCarthy, Kate Bosworth, Kim Kardashian, Kirsten Dunst, Mary Kate Olsen, Meagan Good, Sarah Schneider, Selena Gomez, Teresa Palmer, Vanessa Hudgens and Winona Ryder.
The one male on the list is actor Dave Franco, but to the disappointment of some female fans, no nude photos of Franco have emerged.
Why would celebrities have nude photos of themselves on their cell phones?
There may not be one answer for this, but distance from love interests could be a major factor. Actors spend months away from spouses and lovers while making movies. Musicians tour the world for months. Sexting can become a substitute for intimacy when a relationship goes long distance.
Of course, some bathroom mirror selfies may be snapped and kept as a way to measure progress on a diet or to assess the need for a tummy tuck or update with the plastic surgeon.
Other celebs, however, have enjoyed career boosts when supposedly inadvertent leaks of nude photos or videos have gone viral. Ask Kim Kardashian about that. Her career highlight was as Paris Hilton’s personal assistant before the world discovered her sex tape.
Another way nude photos might find their way onto a celebrity’s cell phone is just plain naiveté. Maybe they don’t realize images on their iPhones are automatically backed up by iCloud, or perhaps they thought iCloud was a safe place for their data.
How did the hacking happen?
The hacker apparently took advantage of a security flaw in Apple’s online backup service, iCloud. Many online services lock someone out after several unsuccessful attempts to log in, but not Apple’s “Find My iPhone” app and iCloud. That has been changed by Apple in the aftermath of the nude celebrity photo scandal. But with unlimited guesses, a computer program can generate and test thousands of potential passwords until an account is entered. It is called a “brute force” attack.
The tendency of many people to choose weak passwords and to use the same password for each service helped. Once a celebrity’s “Find My iPhone” app password is discovered, the same password often can access iCloud. People might never know their accounts have been compromised.
Another thing makes the famous more vulnerable. Wikipedia and many other websites provide biographical information that can help a hacker guess passwords or answers to security questions.
Nearly a decade ago, Paris Hilton’s Sidekick cell phone was accessed when a hacker guessed her password was Tinkerbell, the name of her famous teacup chihuahua.
Apple said on Tuesday that the company’s core computer systems, which house all its users’ data, were not hacked. “Certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said.
How can you safeguard against hackers?
Learn from the woes of your role models, the celebrities.
Choose strong, hard-to-guess passwords. Long but easy to remember pass phrases that include numbers are suggested. Have variations for different email accounts, bank accounts and apps. If one is hacked, it does not compromise your entire virtual world.
Many services, including Apple’s, offer the option of two-factor authentication. After you enter your permanent password, you are asked for a second temporary password or number that is automatically generated and sent to you in a text message.
A hacker would not have been able to access those celebrity photos unless he or she also had the celebrity’s cell phone.
Another safeguard is to be aware that even when you delete a photo or video from your iPhone, it is possibly backed up by iCloud. The service allows you to access images on all your devices, but it also keeps those you might think are deleted.
Actress Mary Elizabeth Winstead tweeted that the photos of her that were leaked were “deleted long ago.”
What penalty could the hacker pay?
A stiff prison sentence is the short answer.
Jennifer Lawrence’s representatives said investigators have been contacted and “will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”
The FBI’s Los Angeles office confirmed Monday that it was investigating the hacking. “The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals, and is addressing the matter,” the agency’s spokeswoman said.
The same office caught a Florida man who hacked celebrity email accounts in 2011. Christopher Chaney, whose targets included actresses Scarlett Johansson and Mila Kunis and singer Christina Aguilera, was charged with accessing protected computers without authorization, damaging protected computers, wiretapping and aggravated identity theft.
Chaney is serving a 10-year federal prison sentence after pleading guilty in 2012.
The hackers arrested in the Paris Hilton case, including a teenager, got jail time, too.