Exploring Information Security

View Original

WARNING: Nude celebrity photos leaked

Nude photos of several female celebrities has apparently been leaked on 4chan, a message board that allows users to post content anonymously

Jennifer Lawrence's Nude Photos Leak Online, Other Celebs Targeted - Stephanie Marcus - Huffington Post.

A screenshot taken by New York Daily News of the forums post shows a list that includes:

  • Jennifer Lawrence - Hunger Games

  • Kate Upton - Model

  • Lea Michele - Glee

  • Lady Sybil [potentially Jessica Findlay] - Downton Abbey

  • Ariana Grande - actress/singer

  • Victoria Justice - actress/singer

  • Brie Larson - Don Jon

  • Kristen Dunst - Spiderman

  • Becca Tobin - Glee

  • Jessica Brown Findlay

  • Hope Solo - Soccer player

  • Teresa Palmer - Warm Bodies

  • Kristen [Krysten] Ritter - actress/model

  • Mary Elizabeth Winstead - actress/recording artist

  • McKayla Maroney - gymnast and internet meme

  • Yvonne Strahovksi - Chuck

Celebrity responses have ranged from acceptance, prosecution threats and outrage to straight up denials.

From what I've gathered so far, it appears as if the photos may have been uploaded to iCloud via Photo Stream and then compromised by someone. As we wait for more details, there are some warnings and lessons to be learned here.

WARNING

Searching for nude photos on the celebrities above will increase your chances of getting some sort of malware on your computer. This is exactly the kind of big news that nefarious people will take advantage of to get something installed on your computer that could compromise it. Which could lead to several awful scenarios including your own nude photos being made publicly available.

Automatic Uploads

Turn it off.

Unless you don't mind your photos being backed up on a server you have no control over, turn the automatic upload feature off. Googling 'disable Photo Stream automatic upload' should get you to some resources that will tell you how to do this.

Taking nude photos with a device that can potentially upload it to the internet is bad enough; having it upload automatically is simply not a very good idea.

Two-Factor Authentication

Turn it on.

While we don't have all the details yet on how the pictures got stolen, it's possible that the theft could have been avoided if two-factor authentication was enabled. In cases like these, most of the time it's found that had two-factor authentication been enabled the compromise would not have happened. Two-factor authentication isn't perfect nor the ultimate solution, but it does increase difficulty of a compromise significantly.

Most applications and services you use have two-factor authentication available, use it. Apple and it's iCloud server has it available and it's fairly easy to setup.

Get On Twitter

#ifmyphonegothacked

Hash tags are the best thing since sliced bread and for events like these make the world a little brighter.

Get on Twitter and join in the fun.

This post first appeared on Exploring Information Security.