MANILA, Philippines — After hundreds of nude photos of celebrities were leaked online, a computer security expert warned that further malicious activities have been monitored aimed at exploiting the virality of the leak.
“We have already seen some malicious activities that exploit this issue, which is not surprising given that celebrity scandals have always been a popular social engineering bait,” Trend Micro Security Focus Lead Paul Oliveria said in an email interview Thursday.
“The tactic is still the same: users are promised to see the photos when they click on a link. However, either a malicious software is downloaded on the system or they are asked to provide personal information [such as usernames and passwords],” he said.
More than 200 private pictures of female celebrities were leaked on the Internet on August 31 after a hacker allegedly breached Apple iCloud accounts.
Trend Micro said that there were several ways the hacker could have obtained the private photos of the celebrities: through fake emails asking for Apple ID usernames and passwords (also known as phising), weak and easy-to-guess passwords, or reusing passwords on different accounts.
“A targeted phishing email was convincing enough to entice the users to provide their credentials. TrendLabs has seen several phishing attacks in the past that target Apple IDs,” Oliveria said.
“It’s also likely that celebrities have weak, easy-to-guess passwords such that the hacker simply spent their time and resources to work them out. It’s also possible that the hacker already has the email address tied to the iCloud accounts and simply used the “forgot password” option to reset passwords,” he said.
Various celebrities, including award-winning actress Jennifer Lawrence, have called for an investigation into how the hacker breached their accounts. Apple has also said they would look into the security of their iCloud service.
Trend Micro said that the best way to protect one’s privacy online would be not to upload private information or photos on the Internet in the first place.
“Don’t put everything online. Users should do some sort of audit as to which type of information they are willing to share or upload,” Oliveria said.
“In the age of data breaches and increasing sophistication in cybercrime, they should assume that the data they store in the cloud may either get lost, damaged, or compromised/exposed,” he said.
Trend Micro further urged several steps to give additional layers of security for online accounts: Use strong passwords, don’t reuse passwords and use a password manager, don’t put all your eggs in one basket, check your devices and enable their security features.
RELATED STORIES
Celebrity photo hackers ‘committed sex crime’–experts
Photo ‘hack’ on nude Jennifer Lawrence, Kate Upton, other stars probed
Apparent Hollywood hack attack nabs stars’ nude pix