{"id":2469,"date":"2014-09-03T15:53:39","date_gmt":"2014-09-03T15:53:39","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2469"},"modified":"2020-02-27T03:48:23","modified_gmt":"2020-02-26T16:48:23","slug":"celebrities-photos-leak-why-should-businesses-care","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/celebrities-photos-leak-why-should-businesses-care\/2469\/","title":{"rendered":"Celebrities&#8217; photos leak: why should businesses care?"},"content":{"rendered":"<p>Everyone has at least heard something about a recent leak of very personal data from a number of Hollywood stars. Somebody, somehow, managed to steal a number of stars\u2019 private photos that were not supposed to be publicized. How this was done and who was behind it are not yet known. The only certain thing is that they were published on 4chan, a notorious imageboard, widely considered to be the \u201cheart\u201d of the Anonymous internet subculture. Anonymous, in turn, are spearheading anti-surveillance, pro-privacy activism (on the Web, mostly). Apparently their notion of people\u2019s privacy doesn\u2019t cover private selfies of attractive celebrities. But, well, enough of this. After all, there\u2019s much to talk about from the business angle here.<\/p>\n<p>First of all, nothing comes from nowhere: if someone stole personal data, then there was a vulnerability in the storage locker. The first suspect was iCloud \u2013 there was a flaw, discovered as recently as earlier this week, and patched pretty quickly. 
<a href=\"http:\/\/thenextweb.com\/apple\/2014\/09\/01\/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked\/\" target=\"_blank\" rel=\"noopener nofollow\">According to The Next Web<\/a>, on Monday, a Python script emerged on GitHub that appeared to have allowed malicious users to \u201cbrute force\u201d a target account\u2019s password on Apple\u2019s iCloud. To \u201cbrute force\u201d in this case means to make an unlimited number of attempts to guess passwords, without any \u201cretaliation\u201d from the system (which is a gargantuan security hole). Actually, it was a vulnerability in the Find My iPhone service that made it possible. Fortunately, Apple reacted promptly and fixed the problem.<\/p>\n<p>\u201cFind My Phone\u201d flaws have been <a href=\"https:\/\/business.kaspersky.com\/information-security-digest-may-14\/1946\" target=\"_blank\" rel=\"noopener nofollow\">used before<\/a> to lock phones and demand ransom. However, this time Apple declared that iCloud wasn\u2019t breached in the celebrity photo leak, and that individual accounts were targeted:<\/p>\n<p><em>\u201cAfter more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple\u2019s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved,\u201d<\/em> <a href=\"http:\/\/thenextweb.com\/apple\/2014\/09\/02\/apple-claims-icloud-wasnt-breached-celebrity-photo-leak\/\" target=\"_blank\" rel=\"noopener nofollow\">Apple said<\/a>. It also advised using a strong password and enabling two-step verification. 
It\u2019s quite logical to assume that, in the case of the attacked celebrities, strong passwords were not present. Neither was two-step verification, apparently.<\/p>\n<p>In this regard, three things need emphasizing.<\/p>\n<p>1. Apple\u2019s devices and services may be a bit more secure than the rest (or at least they are considered so), but they are definitely not immune to targeted attacks, and they have flaws too. Also, a weak password and the lack of two-step verification make any other protective efforts all but futile. This is a reminder for businesses employing BYOD in their networks and people who keep their working data on their personal iPhones.<\/p>\n<p>2. For both individual users and businesses it is true that any sensitive information remains private only until there is more than a hypothetical possibility of unsanctioned access to it. Or, to put it simply, the data is only private as long as you control access to it. Be it personal pics or secret business docs, if you have them on your personal mobile devices, someone can crack a weak password or just steal your device. The data then changes hands or even becomes public. But if it is stored in encrypted form, hackers will be in a muck sweat trying to get to your data.<\/p>\n<p>3. It\u2019s very common for phishers to use stolen or mined personal data as leverage for their targeted attacks \u2013 mainly to raise the credibility of their messages and thus lure other people to malicious sites or plant malware on their PCs. 
<a href=\"https:\/\/business.kaspersky.com\/commercialization-of-phishing\" target=\"_blank\" rel=\"noopener nofollow\">We have described these scenarios before<\/a>. The problem is aggravated further by the fact that people often put a lot of personal data online themselves. That data, too, is used with malicious intent.<\/p>\n<p>We leave it to our readers to draw conclusions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A number of celebrities\u2019 private (very private) photos were leaked. While it is first and foremost a blatant invasion of privacy, this is also a wake-up call for businesses.<\/p>\n","protected":false},"author":209,"featured_media":15791,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[2163,282,2164,961,270,2166],"class_list":{"0":"post-2469","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-brute-force-attacks","10":"tag-cybersecurity","11":"tag-icloud-storage","12":"tag-leaks","13":"tag-password-security","14":"tag-protecting-your-data"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/celebrities-photos-leak-why-should-businesses-care\/2469\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/celebrities-photos-leak-why-should-businesses-care\/2469\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/celebrities-photos-leak-why-should-businesses-care\/2469\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/brute-force-attacks\/","name":"brute force 
attacks"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=2469"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2469\/revisions"}],"predecessor-version":[{"id":26487,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2469\/revisions\/26487"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/15791"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=2469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=2469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=2469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}