Celebrity iCloud hack lessons for us all

TEMPE, AZ - The recent widespread hacks of celebrity iCloud accounts have many wondering if they should be concerned about storing their private files in the cloud, but before you ‘dump the cloud’, let’s review the details.

Looking at the parameters that allowed this to happen may help you make a more informed decision as to whether cloud storage is for you or not.

Based on the information that has been released thus far, it appears that these celebrities were targeted, which is quite different than random acts of hacking that you and I might be exposed to.

When hackers are not specifically targeting you, they look for easy targets to exploit, so regardless of your future use of cloud storage, there is much to learn from this incident for all your online accounts.

The hackers reportedly used ‘brute force’ attacks, which are akin to a massive computerized guessing game. Every combination of letters, numbers and special characters is guessed until the password is broken.

Because Apple had not limited the number of ‘guesses’ that could be made on one of their associated online services (Find My iPhone), the hackers were able to spend whatever time it took to break the weak passwords – Apple has since closed this security hole.

If the celebrities followed the typical guidance of using a complicated string of characters that’s at least eight characters long but stopped at eight characters, they made the brute force attack pretty easy for hackers.

Security researcher Steve Gibson has an online resource (http://goo.gl/vHyhFX) that estimates that just about any eight-character password can be broken in just over one minute by powerful brute force attackers.

Had they just added seven exclamation points or any other string of easy to remember characters to the end of whatever they were using, they would have made it nearly impossible (from a time standpoint) to crack the passwords in this way.
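An added example, not part of the original column: a short Python estimate of how many candidates a blind brute-force search must cover for an eight-character password versus the same password with seven exclamation points appended, and what a guess limit does to the first case. The sample password, the guess rate of 100 trillion per second and the lockout policy are assumptions chosen for illustration.

```python
import string

# Printable ASCII character classes: 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

YEAR = 365.25 * 24 * 3600    # seconds in a year
OFFLINE_RATE = 1e14          # assumed: guesses per second for a very powerful attacker
SAMPLE = "aB3$kL9z"          # constructed eight-character password using all four classes
PADDED = SAMPLE + "!" * 7    # same password with seven exclamation points appended


def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    return sum(len(chars) for chars in CLASSES.values() if set(password) & chars)


def search_space(password):
    """Candidates a blind exhaustive search must cover: every string of length 1..n.

    This models guessing with no knowledge of the password's structure; dictionary
    or pattern-aware guessing is not modelled here.
    """
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time when the attacker can guess without any limit."""
    return search_space(password) / guesses_per_second


def seconds_with_lockout(password, attempts_per_window, window_seconds):
    """Worst-case time when the service allows only a few guesses per time window."""
    return search_space(password) / attempts_per_window * window_seconds


if __name__ == "__main__":
    print(f"8 characters, unlimited guesses: {seconds_to_exhaust(SAMPLE, OFFLINE_RATE):.0f} seconds")
    print(f"15 characters, unlimited guesses: {seconds_to_exhaust(PADDED, OFFLINE_RATE) / YEAR:.2e} years")
    # Assumed lockout policy: 5 guesses every 15 minutes.
    print(f"8 characters, 5 guesses per 15 min: {seconds_with_lockout(SAMPLE, 5, 900) / YEAR:.2e} years")
```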

The other huge mistake that they made was not activating the two-step authentication that just about all popular online services now offer (I refer to it as a Password Fraud Alert that you should set up everywhere: http://datadr.com/help/columns/22002).

Either one of these steps would have likely protected them, but just like the rest of mankind, they chose ease of use over security with easy to break passwords that they use on all their accounts.

At the very least, make sure your e-mail account has a unique password that is at least 15 characters long, because it's the gateway to virtually every other account you own (remember, password resets get sent to your Inbox!).

I personally have no concerns about using the cloud to store my pictures automatically, but you’ll have to decide for yourself.

If you want the directions for deleting iCloud backups from your iOS devices, go here (http://goo.gl/tc6zRY), but make sure you back up to your computer first.

My Android phone is set to automatically push my photos and videos to my Google+ account, but they can only be seen by me unless I choose to share them.

Google+ can be an automatic backup system for smartphones, tablets, iPhones and computers; you can find them by searching for #autobackup in your Google+ account.
