
iCloud Celebrity Photo Hack, Whose Fault Is It? What Should You Do?


100 Female Celebrities had their intimate photos stolen from their iCloud accounts this last week. These photos were then put up on a forum called 4Chan for all the world to see. There are now many questions from Apple users about the safety of iCloud, and a lot of concern around whether it’s safe to trust any cloud based service at all.

Apple released a statement today, basically saying that their services were not breached, but the users that had their photos taken either had easy to guess passwords, or easy to guess security questions. I believe Apple are splitting hairs in regard to their security.

Update to Celebrity Photo Investigation

Sorry Apple Your Customers Are NOT All Geeks!

I deal with ordinary everyday consumers who rely on their smart phones and computers every day. I teach and present my talks on cyber safety to people as young as 6 years old right up to seniors over 80 years old. And what I do know is that the majority of users of digital technology are ordinary people, non geeks, who have absolutely no idea or interest in how their phones or computers work. They simply want them to do the job that was promised, in the same way that they do when they buy any other type of equipment or machine. Ordinary consumers don’t want to know how a vacuum cleaner sucks up dust, or how the car’s wheels turn. They aren’t fascinated by the mechanics, they simply want these devices to work. Many users are certainly prepared to learn how to use these tools to a certain extent, but if you make it too complicated, they will get frustrated and give up, and things will go wrong.

I see far too many technology folks criticizing the non geeks for being stupid around technology. They blame them for stuffing it up, for being naive, for not being as smart as they are. This is NOT helpful, and sounds more like “Revenge Of The Nerds” to me.

Apple Are Blaming Their Customers

Apple is essentially blaming the celebrities that had their photos stolen. Apple are implying by their media statement that the security tools were all there, but these victims were negligent by not being more careful with their security and didn’t follow advice on setting up their accounts.

Here’s the thing, since when do you blame your customers? If your customers are not taking care of their security, is it because it’s simply too hard? The fact that I have to teach people to set up 2 step verification on their Apple ID is a perfect illustration of the problem. I shouldn’t have to do that! I can almost guarantee that the majority of Apple’s customers have never heard of 2 Step Verification, which might have prevented this hack. When I ask attendees at my workshops or presentations if they have heard of 2 step verification, only a few people at any talk I give have. I also suspect that the majority of Apple’s customers don’t know what iCloud is, or how it works. In the case of one of the victims, she indicated via a Tweet that she had deleted her photos from her device, and seemed unaware of how those photos would have been taken. It’s likely they had been backed up to iCloud, so that they weren’t deleted from Apple’s servers.

If your customers make a mistake, then it’s up to you to make it harder for them to make mistakes. You don’t blame your customers for being naive and confused.

Where Did Your Manuals Go Apple?

Apple used to give manuals out with their software and their devices, and now they don’t. If you go looking for a manual for your software, you just won’t find an up to date version. I know because I’ve tried to find them! If you go to the Apple website it is very, very difficult to find any step by step instructions to set things up. You have to go to the Apple Support forum to find advice, and if you do get an answer to your question, it’s never from an official Apple representative. In some cases, there are questions there that everyone is asking and it’s like the blind leading the blind.

Apple in their wisdom have decided to provide their customer service at their physical stores only. If you want extra advice you have to purchase an Apple Care service, which is quite expensive. One of the biggest problems Apple have with their customer service is that advice on security is on a “need to know” basis. But if you don’t know what you need to know, you won’t ask.

Customers Will Be Taking Their Business Away From iCloud

Apple’s brand iCloud is now damaged. The majority of Apple customers will not be siding with the Mac Fan boys and girls and saying “wow those girls were dumb, I’m going to keep using iCloud cause Apple told me how to use it safely in their recent media release”. People will be trying to unsync their photos like crazy… if they can work out how to do it.

If customers don’t know how to set safe passwords or enter safe answers to the security questions for their iCloud accounts, and they don’t know how or why they need to set up 2 step verification, it’s because Apple haven’t made it mandatory, or easy enough to do. Setting up the most secure settings on your iCloud account should be step by step when you buy a new device. “Who was your best friend in high school” and these types of questions are NOT secure questions, and because most people are honest they will answer them honestly. If you look up any celebrity online you will most likely find the answer to that question from an interview or IMDB.

This Is NOT A Moral Question

I don’t care if consenting adults want to take intimate pictures of themselves. Human beings have been fascinated with their own sexuality and naked body since they scratched naked cave wall pictures, it’s human nature. If Apple users have the impression that their internet connected camera phone is safe, it’s because Apple has encouraged them to think this.

Did Apple Really Think This Wouldn’t Happen?

This type of reactive patching of bugs, and troubleshooting after a hack has occurred is a massive lack of foresight. Are the executives at Apple really so far removed from how the average customer uses their devices and software that they don’t know that there is any confusion about the security of their cloud based products?

What Is iCloud?

iCloud is how Apple back up your data, including your photos, your calendar and your email, to their servers or “hard drives”. You can opt into the iCloud backup service when you set up your device. If you have your photos set to automatically back up to iCloud, it is important to know that when you delete a photo from your device it will still be available in iCloud. In order to delete a photo securely you also need to delete it from iCloud.

Note: A Cloud based service is simply someone else’s hard drive. You are backing up your data to a supposedly secure server or hard drive. You are also relying on your understanding of the security that is available to you.

What is my advice to Apple users?

  1. Cloud services are incredibly useful, but not failsafe, research the product carefully
  2. If you are a high profile person, you had better get THE best online security advice, don’t put it off. You will be targeted, especially if you are female, unfortunately.
  3. Don’t store any sensitive photos on any internet connected device. Put them in a separate hard drive that does not automatically sync to your computer. And store it somewhere secure.
  4. Passwords should be random, for example: Fix77Stayz%. Make sure they include 8 digits or more, upper and lowercase letters, symbols and numbers. Don’t use real words or anything that can be traced back to your identity.
  5. Security questions don’t need to be the truth, make them up. And write down the security questions by hand and store them securely, very securely. For example: “Q: Who was your best friend in school? A: Scoobie Doo”
  6. Create an email address that doesn’t have your real name in it. Create a pseudonym email address.
  7. Don’t sync sensitive photos or video to any cloud based service, not yet anyway.
  8. Setup “Two Step Verification” on every cloud based service you use. This means that if anyone does try to break into your account, you will get notification that someone is doing it, and you will need to verify it is you trying to get into your account by providing a code that they will send you. Instructions on Two Step Verification Here:

Lastly, there is no secure way to send intimate photos. You might never ever have your account hacked or have one of your photos shared beyond where you intended, but for many people, especially people with a high profile, it is incredibly risky to store personal information on any device that is connected to the internet or in the “Cloud”.

The Hackers Are Criminals And Must Be Caught!

The culture around exposing intimate photos online is despicable, and incredibly damaging and hurtful. The people who did this need to be caught and prosecuted to the full extent of the law.

If Apple wants their customers to trust iCloud, then they have to make it more difficult for their customers to make a mistake than it is for them to make one. Do a survey, find out how many Apple customers know what iCloud is and how it works. I bet you will find the majority of Apple users simply don’t know. Digital technology should be safe for all, the old, the young AND the technically challenged.