This post comes from Bob Sullivan at partner site Credit.com.
Not all secrets are equal. Some are far more sensitive than others, and these require special care. If the Labor Day weekend leak of celebrity nude photos teaches us anything (we already knew the Net was full of creeps and hackers), it reminds us that anyone can fall victim to theft of incredibly sensitive information.
I’d venture to guess that most of us would rather someone steal our credit card numbers than steal a photo of us in our birthday suit. In fact, there’s probably a few other things in your life, they’d be different for all of us, that rate nearly almost that sensitive. Maybe it’s the combination to the family post office box. Maybe it’s Aunt Bettie’s chocolate chip cookie recipe. Whatever your state secrets are, you simply must take greater measures to protect them.
In other words, you probably shouldn’t let any cloud-based service automatically back up your very personal photos.
Because I can promise you that the FBI will not open an investigation into an incident where a criminal, or an ex-boyfriend, steals your images.
Cloud services are so easy to use, just click once and Google, or Apple, or dozens of other services will auto-magically upload every photo you take with your phone or your tablet into their cloud. That makes them easy to share. It saves space on your device. Great.
But the process is so simple that ordinary people (and, I suspect, celebrities) forget it’s even happening. Snap a photo during a night of passion and, poof, there it goes into cyberspace, forever. I wouldn’t be surprised if most victims of the Labor Day weekend’s hack had no ideas their sensitive images were on iCloud.
There’s open speculation that a relatively simple vulnerability in Apple’s iCloud service paved the way for the embarrassing incident. The news might be coincidental, but it might not: Only hours after news of the image leak, Apple fixed a flaw that failed to limit the number of times someone could attempt to log into iCloud. That meant hackers could have used automation tools to attempt millions of logins on a single account; and we all know the majority of passwords are too simple and can’t withstand such brute force attacks.
It’s probably not fair to blame Apple. And it’s certainly not fair to blame the victims. But the fact of the matter is, criminals are looking for this kind of loot to steal constantly. If you think your sensitive photos would be of no interest to a hacker, you are seriously wrong.
“Sextortion” is a growing crime with tragic results. Criminals obtain revealing photos of victims, including children, and then use them to extort more photos from them, under threat of revealing the images on a public website. The crime is so traumatic that some young victims have committed suicide. Naturally, it’s hard to quantify its frequency, but the Internet Crimes Against Children Task Force told USA Today that the number of complaints about it grew from 5,300 in 2010 to 7,000 in 2013.
Don’t be an easy target for hackers
So what should you do? Today is probably a good day to review with sober eyes what photos or other secrets you have stored in the cloud and delete those that might be embarrassing. Then, come up with a strategy to protect your most sensitive items.
See if your cloud provider allows two-factor authentication. Apple does. Instructions for adding it can be found by clicking here. Two-factor prevents someone from accessing your account in some cases even if he/she knows your password.
Longtime security expert Christopher Ambler, who blogs at Bit Parts, is pretty stark with his advice to clients.
“Have nothing online you’re not prepared to have leak. Nothing. Period. Ever. That ship has sailed. You may not like it, but it is reality. Rage and angst, but you will not change this fact,” he said. “If your camera is online — meaning it is your phone — you have violated number one. Don’t take a picture you wouldn’t be prepared to have posted in the clear immediately.”
Perhaps you should consider having a second, non-networked camera handy for images that you wouldn’t want Grandma or your boss or a hacker to see.
You don’t have to stop using the cloud for family portraits or dog pictures. But you can’t forget that you are using the cloud when you take private photos.
“Anything you wouldn’t have taken 20 years ago and left to be developed at a Kodak shop, you shouldn’t take with a digital camera (that’s networked) today,” said Adam Levin, chairman of Identity Theft 911 and Credit.com.
More on Credit.com: