… But it don’t matter. It clearly doesn’t tear you apart…
This week has not been easy for our beloved stars, with Harry Styles and Kendall Jenner’s holiday snaps being leaked after a hacker invaded the iCloud account of Harry’s mum and posted the photos on Twitter. (We’ll pause for a while so you can go search for them if you haven’t already…)
Six-time Grammy winner Adele also fell victim to a photo hack this week with the attacker exposing private photos of the star, including pregnancy scans of her son as well as photos of Adele dressed up as Santa Claus during her teenage years. The intruder is thought to have gained access through Adele’s partner, Simon Konechi’s email account. Adele found out about the attack through a fan who alerted her management.
So what do cyber security experts think of these attacks and what advice can they provide our celebrities?
Jonathan Sander, VP of Product Strategy at Lieberman Software noticed the similarity between Adele’s attack and corporate breaches; “what’s interesting about this breach of Adele’s privacy is how closely it follows the pattern of typical corporate breaches. They suspect the attacker gained access through a poorly secured partner’s access. The breach itself was discovered by a third party and reported to the unsuspecting victim. These details closely mirror many corporate breaches and Target in particular, beached through their business partner and told by a third party.”
Brian Spector, CEO of MIRACL saw the silver lining of the celebrity photo hacks: “Although this is a horrible invasion of Adele’s privacy, maybe it will at least raise awareness to the general public about the vulnerability of all our digital data.”
And a cynical Tim Erlin, Director, Security and IT Risk Strategist at Tripwire, pointed out that “this isn’t the first time we’ve seen celebrity photos as the target of a cyber attack, and it likely won’t be the last. When you share data with others, whether via an app or email, you’re implicitly putting trust in their security. Even if you’ve chosen a strong password and kept it secret, that other person may not have been so diligent.”
Mark James, Security Specialist at ESET provided useful advice on staying safe online; “it’s likely the account was compromised either through a phishing attack or insecure password. Email scams are very rife at present and you need to be extra careful when following any link you receive in an email. Make sure you have good regular updating internet security software installed, keep your operating system and applications patched and updated and be very mindful of free Wi-Fi points that are not secure.
If possible try to use a third level of protection like 2 Factor Authentication (2FA), take extra care to ensure you use good passwords for email, web logins or indeed any account that requires a username and password. You may want to consider a password manager to make your passwords super strong that way you don’t have to remember them yourself to ensure they are a good length (12 or more), do not contain dictionary words or common names that could be associated with you and ideally has upper and lowercase letters, numbers and special symbols or characters.”
With final words of wisdom, Richard Kirk, SVP at AlienVault noted that “our email accounts often contain an elaborate and detailed history of our lives, some of which may have real value to hackers. For example, it is very common for people to send each other financial information such as bank accounts, PayPal details, and even worse, account ids and passwords.” So famous or not, it might be a good idea to go through your email accounts and delete any sensitive information such as password reset emails and in fact anything you don’t need. Also, don’t forget to empty your deleted items too and for Pete’s sake please don’t store login details there!! Other than that, the normal cyber hygiene rules apply, you know the score.