Hackers post celebrities' nude photos

Alleged attack on Apple iCloud accounts raises questions about storing data online

Some of the stars said to be targeted include (from left) singer Rihanna, actress Jennifer Lawrence, reality TV star Kim Kardashian, actress Kirsten Dunst and model/actress Kate Upton. -- PHOTOS: NEW YORK TIMES, GETTY IMAGES
Some of the stars said to be targeted include (from left) singer Rihanna, actress Jennifer Lawrence, reality TV star Kim Kardashian, actress Kirsten Dunst and model/actress Kate Upton. -- PHOTOS: NEW YORK TIMES, GETTY IMAGES

More than 100 stars, including Jennifer Lawrence, Kate Upton and Rihanna, allegedly had their smartphones or online storage accounts hacked into, prompting many to question the wisdom of storing content online.

The explicit photos were first posted by an anonymous user or users on the 4chan online bulletin board, offering more of such photos if other users pay for them.

They claimed to have gained access to the photos through hacking the stars' Apple iCloud online accounts, which let Apple users store their photos, videos and documents in the cloud and sync them with their iPhones and iPads.

Apple has not confirmed nor denied whether its software was indeed targeted in the hack attack.

So far, actresses Jennifer Lawrence and Mary Winstead have confirmed the photos as genuine but another star, Victoria Justice, claimed hers were fakes.

Cloud services offer the convenience of automatically storing the data on the cloud to sync with the users' collection of mobile devices.

It has become increasingly popular in recent years as companies like Apple and Google have made them accessible to regular users for a low fee.

Content that is stored online typically includes photos, documents, videos and games.

Companies have also increasingly turned to cloud services to back up their confidential data, as it is a cheaper option than getting physical servers.

However, many users do not know how to turn them off.

Security experts here warn that there may well be a price to pay for the convenience. Security software developer Paddy Tan said the victims might have unknowingly set their phones to automatically upload all photos shot to iCloud during the initial phone set-up.

However, Apple is not the only company that provides such cloud services. Other tech giants, such as Microsoft and Google, have cloud services of their own.

"This (hack) could happen to any cloud storage, such as Amazon Cloud Drive, Google Drive, Microsoft OneDrive, and iCloud is no exception," said Miss Shirley Wong, co-chairman of the Cyber Security Awareness Alliance in Singapore.

"There are many ways which could lead to leakage of an individual's information, such as photos that are uploaded to the cloud," said Mr Chong Rong Hwa, senior malware researcher of California-based IT security firm FireEye.

It could be a case of malware installed on computers to steal user names and passwords.

So, it would be premature to say iCloud was hacked, said Mr Chong.

But to prevent such digital theft, Mr Chong recommends that users should opt for complex usernames and passwords, avoid reusing the same credentials across different Web services, and take advantage of additional security features such as two-factor authentication to better protect one's data from hackers.

Local celebrity Bobby Tonelli said that putting anything private on the cloud is not a good idea.

"Nothing is unhackable in this day and age," said the 38-year-old actor and radio DJ.

trevtan@sph.com.sg

Join ST's Telegram channel and get the latest breaking news delivered to you.