If you paid any attention to the internet over the past few days, you’re aware of a pretty big celebrity hack. A lot of blame has been passed around: Apple and iCloud, the celebs themselves, and others. The thing is, Kate Upton and Jennifer Lawrence are different from you in one important way in this case: more people want to see them naked than want to see you naked.
What you do on your device with your significant other is your business. If you put it on someone else’s server, there’s always the chance it could get out. After a bit of research, I found it’s really frighteningly easy. Follow me here.
Let’s say I’m a creep and I know you. Maybe we work together, see each other at the local bar, or say hi at the gym. I can stalk you on Facebook. Come on people, we all do it…you know EXACTLY how much info there is about you on Facebook. I find your profile, and you’ve locked it down pretty tight, except for your email address. It’s a Gmail or Yahoo address. Safe bet, you’ve reused that address for multiple logins. Maybe iCloud?
Time for me to get to work. Head over to iCloud, put in your email address and say I forgot your password. SCORE! I get taken to your security questions. Mother’s maiden name? Back to Facebook…look, your mom is your friend and she uses her maiden and married names. You also tagged a picture at the family reunion with your uncle, who has the same last name your mom used to have. Next question, iCloud? Street you grew up on. Hmmm…where does Mom live? Let’s try that. No luck…any #TBT pics? “Me and the Fifth St crew, circa 4th grade”
I’m now into your entire Apple account. With a couple of free tools online, I can download and open all your backed-up phone and iPad files. Those texts you sent to your SO late at night, and didn’t delete till the morning? I got them. Those pics you deleted? Yeah, iCloud backed them up before you could delete them. And what’s this? Your contacts list? Sweet! You have some hot friends and I have all their email addresses now. I also NEVER needed your password.
I use iCloud as an example, but Google, Dropbox, they’re all similar.
It’s called social engineering, and the best passwords and security fail to it time and again. Kevin Mitnick, a famous ‘hacker’, used to have a great trick to get into company networks. He wrote a little program that created a login ID for him on their network. He put it on a floppy disc with the name “salaries.xls” or something similarly irresistible. He’d go to the company, talk to a secretary, security, anyone he could find, and ‘accidentally’ leave the disc behind. Soon, he was in.
How do you protect yourself?
First, like I said, you’re probably not Kate Upton. Not as many people are trying to hack your stuff. You can breathe a little easier.
Second, use two-factor authentication. Most services offer it, and what it does is give you a second level of security. With iCloud, it sends a code to your phone or iPad that you have to use to complete the password change or recovery process. It’s strong, but not 100% foolproof.
Third, don’t ever put your own information in the security questions. Put someone else’s. Got a best friend? Share security questions. Got a favorite celeb? Use theirs. If you’ve got a great memory, make one up out of the blue: Frothingsloshenton. Nobody is going to guess that.
Fourth, be prepared for the worst. There’s ALWAYS the chance someone’s going to get into your stuff. Don’t reuse logon IDs too much, and definitely not with financial stuff. Yeah, it’s embarrassing if Reddit sees those ‘zesty’ pics you sent to your boyfriend, but it’s a real problem if someone can get into your bank account and start making transfers.
Finally, accept that privacy is changing and you have to change with it. If someone wants to break into your house, they’re going to, no matter how many locks you have and how great an alarm system. Does that mean you should never leave the house? No. Just be smart about how you secure your data and services. You can’t eliminate the risk, but you can do a lot to lessen it.
For more ways to secure your online account, and another horror story, check this out.
Putting on my information security hat, I say “thank you”! Very nicely explained for the average user (like me!).