Nude celebrity photo hack: How safe is your data in cloud storage? (+video)

Nude photos of dozens of celebrities, presumably stolen from cloud storage services, started appearing online Sunday night. Here's how the rest of us can keep personal data safe.

  • close
    Internet users browse their Facebook website by the free wifi internet service in an underground station in Hong Kong. The release of nude photographs of dozens of celebrities, including Jennifer Lawrence, Sunday has exposed the vulnerabilities of cloud storage.
    Kin Cheung/AP/File
    View Caption
  • About video ads
    View Caption

The leaking of nude celebrity photographs stored in the “cloud” over the weekend appears to have laid bare the inherent insecurity of virtual data storage.

Nude images of Jennifer Lawrence and several other celebrities began appearing online Sunday night. An anonymous hacker claims to have accessed the Apple iCloud accounts of 100 celebrities. Apple Inc. has yet to confirm that any iCloud accounts have been tampered with.

The Federal Bureau of Investigation is investigating the matter.

Recommended: Top 5 ways to manage your many, many passwords

Perhaps coincidentally, a day before the private photographs began appearing online, hackers uploaded to the code-hosting site GitHub a roadmap for would-be hackers to exploit a vulnerability in Find My iPhone security protocols, ZDNet reports. The vulnerability allowed infiltrators how to subvert login security features that typically shut out infiltrators after just a few failed login attempts, enabling them to flood the login system with thousands of possible password in hopes of hitting the right one.

Apple has since patched that loophole, but the incident illustrates how unforeseen back doors to online storage services can open the gates to private data.

"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," security researcher Ken Westin wrote in a blog post Monday. "Once images and other data are uploaded to the cloud, it becomes much more difficult to control who has access to it, even if we think it is private."

More than 300 million people around the world store files, photographs, and other data on cloud servers, according to CBS New York.

“I think there are a lot of folks, especially celebrities, [who] don’t take their information security seriously,” cloud security expert Jeff Schilling told CBS.

While photos of average citizens typically don’t carry quite the price tag that those of celebrities do, there are plenty of reasons that individuals may want to protect their images.

In recent years, reports of employers passing over job applicants, rescinding offers, and even firing employees as a result of compromising photographs appearing on social media have been steadily increasing. While many users have become more savvy about what images of themselves they choose to post online, they may not realize that photos that they believe to be stored securely could be accessed, and subsequently posted, by people wishing to harm their reputations.

Even those that don’t have any compromising pictures may feel squeamish about the idea of hackers accessing their most precious family memories.

“Are you any less secure than you were a month ago? The answer is no,” Patrick Moorhead, president of technology analytics firm Moor Insights & Strategy, told NBC News on Monday.

So what can you do to protect your data?

Perhaps the simplest step that cloud users can take is to add a second layer of authentication similar to that employed by many banking websites.

Both Google and Apple offer multiple-layer verification features. They aren’t default settings, so users have to search for them.

Apple’s two-step verification system tethers an Apple ID to a specific device, most commonly a cell phone. Any time a user with activated two-step verification makes any changes to their Apple ID account, Apple sends a four digit verification code to the specified device as a secondary password. This feature means that even if hackers crack a user’s password, they can’t make blanket changes to the account. It won’t keep hackers out entirely, but it will prevent them from locking the verified user out of their own account.

Google offers a similar feature for its suite of services including Google Drive, Gmail, and Google+.

The weblog The Social Customer Manifesto offers instructions for implementing two-tier verification on 50 popular websites.

Material from The Associated Press was used in this report.

Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.




Save for later


Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items


Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items


Failed to save

You have already saved this item.

View Saved Items