What Happened?
Sunday night an anonymous user posted the photos to the site 4Chan alleging to be in possession of photos and video of over 100 celebrities that were taken from iCloud accounts. It’s been speculated that the hack stemmed from a vulnerability in Apple’s “Find My iPhone” service, which allowed hackers to use brute-force tactics to gain access to Apple ID passwords.
While it hasn’t been confirmed that an iCloud security vulnerability was a cause for the leak, Apple has released a statement saying they are “actively investigating” the issue. There have also been reports that Apple quietly rolled out a security patch Monday to fix the alleged hole responsible for the breach. How Safe is the Cloud?
Because a phone only has so much data memory to store 75 versions of the same selfie and 101 pictures of your pet being cute, many opt to use a cloud storage service that automatically backs up the photos, video and other information housed in their phones. However, a catch-22 to subscribing to services that your phone automatically uploads to is the fact that while you may have deleted the picture from your phone, it most likely is still being stored in the cloud.
Services like iCloud, Dropbox, Google Drive, and OneDrive use similar security measures like data encryption, two-factor authentication, and unique password creation. Essentially, each cloud service is really only as safe as the user makes it. Though several security features may be offered, many are optional, like two-factor authentication, and totally up to the subscribers’ discretion to enable. Also, with the hasslpe of having to juggle several passwords and log-ins, many tend to use the same password over and over again, making themselves susceptible to hacks.
To safeguard your privacy online, Mashable suggests using secure, unique passwords on accounts and devices, using two-factor authentication when available, enabling locks and passwords on computers and phone accounts, and running the latest version of an operating system.
Apple has released a statement denying a wide breach of iCloud. Read the full statement here.