Celebrity iCloud Hack Lessons for Us All


What do we need to do to make sure our pictures don't leave our phone and head to the cloud?


This question was answered on September 3, 2014. Much of the information contained herein may have changed since posting.

The recent widespread hacks of celebrity iCloud accounts have many wondering if they should be concerned about storing their private files in the cloud, but before you ‘dump the cloud’, let’s review the details.

Looking at the parameters that allowed this to happen may help you make a more informed decision as to whether cloud storage is for you or not.

Based on the information that has been released thus far, it appears that these celebrities were targeted, which is quite different than random acts of hacking that you and I might be exposed to.

When hackers are not specifically targeting you, they look for easy targets to exploit, so regardless of your future use of cloud storage, there is much to learn from this incident for all your online accounts.

The hackers reportedly used ‘brute force’ attacks, which are akin to a massive computerized guessing game. Every combination of letters, numbers and special characters is guessed until the password is broken.

Because Apple had not limited the number of ‘guesses’ that could be made on one of their associated online services (Find My iPhone), the hackers were able to spend whatever time it took to break the weak passwords – Apple has since closed this security hole.

If the celebrities followed the typical guidance of using a complicated string of characters that’s at least 8 characters long but stopped at 8 characters, they made the brute force attack pretty easy for hackers.

Security researcher Steve Gibson has an online resource that estimates that just about any 8 character password can be broken in just over one minute by powerful brute force attackers.

Had they just added 7 exclamation points or any other string of easy to remember characters to the end of whatever they were using, they would have made it nearly impossible (from a time standpoint) to crack the passwords in this way.
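To put numbers on the effect of length and of limiting guesses, here is an added example (not part of the original article) that estimates the worst-case time to try every candidate password. The two guessing rates and the sample password are assumptions constructed for illustration.

```python
import string

# Printable-ASCII character classes: 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Both rates are assumptions made for this example, not figures from the article.
UNLIMITED = 1e14        # guesses/second when nothing limits the guessing
THROTTLED = 10 / 3600   # guesses/second when a service allows 10 tries per hour


def alphabet_size(password):
    """Count the symbols in every character class the password draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if size == 0:
        raise ValueError("password must contain printable ASCII characters")
    return size


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time for a guesser that tries every candidate once."""
    return search_space(password) / guesses_per_second


def humanize(seconds):
    """Render a duration in the largest unit that keeps the number >= 1."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    base = "Tr0ub4d!"                      # constructed 8-character sample
    for pw in (base, base + "!" * 7):      # same password padded to 15
        print(f"{len(pw):2d} chars  unlimited: {humanize(seconds_to_exhaust(pw, UNLIMITED))}"
              f"  throttled: {humanize(seconds_to_exhaust(pw, THROTTLED))}")
```

The estimate covers exhaustive guessing only; a password that appears in a list of common or previously leaked passwords can fall much sooner regardless of its length.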

The other huge mistake that they made was not activating the 2-step authentication that just about all popular online services now offer (I refer to it as a Password Fraud Alert that you should set up everywhere).

Either one of these steps would have likely protected them, but just like the rest of mankind, they chose ease of use over security with easy to break passwords that they use on all their accounts.

At the very least, make sure your e-mail account has a unique password that is at least 15 characters long, because it's the gateway to virtually every other account you own (remember, password resets get sent to your Inbox!).

I personally have no concerns about using the cloud to store my pictures automatically, but you’ll have to decide for yourself.

If you want the directions for deleting iCloud backups from your iOS devices, go here but make sure you back up to your computer first.

My Android phone is set to automatically push my photos and videos to my Google+ account, but they can only be seen by me unless I choose to share them.

Google+ can be an automatic backup system for smartphones, tablets, iPhones and computers; you can find them by searching for #autobackup in your Google+ account.




Posted by Ken of Data Doctors on September 3, 2014