Nude celebrity photo hack: How safe is your data in cloud storage?

Nude photos of dozens of celebrities, presumably stolen from cloud storage services, started appearing online Sunday night. Here's how the rest of us can keep personal data safe.

Kin Cheung/AP/File
Internet users browse Facebook using the free Wi-Fi service in an underground station in Hong Kong. The release Sunday of nude photographs of dozens of celebrities, including Jennifer Lawrence, has exposed the vulnerabilities of cloud storage.

The leaking of nude celebrity photographs stored in the “cloud” over the weekend appears to have laid bare the inherent insecurity of virtual data storage.

Nude images of Jennifer Lawrence and several other celebrities began appearing online Sunday night. An anonymous hacker claims to have accessed the Apple iCloud accounts of 100 celebrities. Apple Inc. has yet to confirm that any iCloud accounts have been tampered with.

The Federal Bureau of Investigation is investigating the matter.

Perhaps coincidentally, a day before the private photographs began appearing online, hackers uploaded to the code-hosting site GitHub a roadmap for would-be hackers to exploit a vulnerability in Find My iPhone security protocols, ZDNet reports. The vulnerability allowed infiltrators to subvert login security features that typically shut them out after just a few failed login attempts, enabling them to flood the login system with thousands of possible passwords in hopes of hitting the right one.

Apple has since patched that loophole, but the incident illustrates how unforeseen back doors to online storage services can open the gates to private data.
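The kind of control the reported flaw sidestepped, sketched as an added example that is not from this article or from Apple's code: a failed-login counter keyed on the account and shared by every endpoint that accepts credentials, so no single endpoint is left without the lockout. The threshold, window, lockout duration, endpoint names and demo account are all assumptions.

```python
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 5            # assumed threshold ("just a few failed login attempts")
WINDOW_SECONDS = 15 * 60    # assumed window in which failures are counted
LOCKOUT_SECONDS = 30 * 60   # assumed lockout duration

class LoginThrottle:
    """Counts failed logins per account, regardless of which endpoint saw them."""

    def __init__(self):
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record_failure(self, account, now):
        recent = self._failures[account]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS

    def record_success(self, account):
        self._failures.pop(account, None)

# Constructed demo credential; a real service stores salted password hashes.
DEMO_PASSWORDS = {"alice@example.com": "correct horse battery staple"}

def attempt_login(throttle, endpoint, account, password, now):
    """Single entry point for every endpoint; the counter is not keyed on `endpoint`."""
    if throttle.is_locked(account, now):
        return "locked"                    # refused before the password is checked
    expected = DEMO_PASSWORDS.get(account, "")
    if expected and hmac.compare_digest(expected.encode(), password.encode()):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"

def demo():
    """Wrong guesses spread over two hypothetical endpoints, then the right password."""
    throttle, account, results = LoginThrottle(), "alice@example.com", []
    for i, endpoint in enumerate(["web"] * 3 + ["device-locator"] * 3):
        results.append(attempt_login(throttle, endpoint, account, f"guess{i}", now=i))
    results.append(attempt_login(throttle, "web", account, DEMO_PASSWORDS[account], now=10))
    results.append(attempt_login(throttle, "web", account, DEMO_PASSWORDS[account], now=5 + LOCKOUT_SECONDS))
    return results
```

While the lockout is active even the correct password is refused, which is why services usually pair a lockout like this with a second factor or a recovery path for the legitimate owner.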

"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," security researcher Ken Westin wrote in a blog post Monday. "Once images and other data are uploaded to the cloud, it becomes much more difficult to control who has access to it, even if we think it is private."

More than 300 million people around the world store files, photographs, and other data on cloud servers, according to CBS New York.

“I think there are a lot of folks, especially celebrities, [who] don’t take their information security seriously,” cloud security expert Jeff Schilling told CBS.

While photos of average citizens typically don’t carry quite the price tag that those of celebrities do, there are plenty of reasons that individuals may want to protect their images.

In recent years, reports of employers passing over job applicants, rescinding offers, and even firing employees as a result of compromising photographs appearing on social media have been steadily increasing. While many users have become more savvy about what images of themselves they choose to post online, they may not realize that photos that they believe to be stored securely could be accessed, and subsequently posted, by people wishing to harm their reputations.

Even those that don’t have any compromising pictures may feel squeamish about the idea of hackers accessing their most precious family memories.

“Are you any less secure than you were a month ago? The answer is no,” Patrick Moorhead, president of technology analytics firm Moor Insights & Strategy, told NBC News on Monday.

So what can you do to protect your data?

Perhaps the simplest step that cloud users can take is to add a second layer of authentication similar to that employed by many banking websites.

Both Google and Apple offer multiple-layer verification features. They aren’t default settings, so users have to search for them.

Apple’s two-step verification system tethers an Apple ID to a specific device, most commonly a cell phone. Any time a user with activated two-step verification makes any changes to their Apple ID account, Apple sends a four-digit verification code to the specified device as a secondary password. This feature means that even if hackers crack a user’s password, they can’t make blanket changes to the account. It won’t keep hackers out entirely, but it will prevent them from locking the verified user out of their own account.

Google offers a similar feature for its suite of services including Google Drive, Gmail, and Google+.

The weblog The Social Customer Manifesto offers instructions for implementing two-tier verification on 50 popular websites.

Material from The Associated Press was used in this report.
