Celebrity watchers, as well as security experts, were baffled over the weekend as a second large tranche of intimate/nude celebrity pictures flooded onto various internet sites. Once again, the unnamed hackers behind the flood claim that the pictures - and videos - were the result of iCloud leaks.Amongst the victims of this second leak are reality television star Kim Kardashian, actor Vanessa Hudgens and US national women's soccer team goalkeeper Hope Solo. Other potential victims reportedly include Mary-Kate Olsen, Avril Lavigne, Hayden Panettiere, Lake Bell, Leelee Sobieski and former Disney stars Aly and AJ Michalka.
SCMagazineUK.com understands that the intimate images and videos appeared Saturday morning (US Time) on the 4Can image-sharing site, as well as on Reddit, but were deleted in matter of hours by the site admins under their new copyright infringement policy. Even so, the files also started appearing on BitTorrent and Usenet fileshares over the weekend.
Apple and the FBI are both investigating this latest incident. The Hackernews newswire quotes Apple's CEO, Tim Cook, as saying that the celebrities' iCloud accounts were compromised, either using phishing attacks or with hackers guessing their security questions.
Apple has been phasing in two-factor authentication (2FA) over the last week on iCloud, in parallel with the launch of iOS 8.0, so it seems this latest tranche of intimate photos and videos pre-date the use of 2FA.Mike Ellis, CEO and digital identity expert at ForgeRock, said that this issue has relevance to corporates, and not just the celebrities who have been embarrassed.
"Big businesses as well as large, trusted government organisations need to manage vast and growing numbers of employee and customer digital identities. As we enter the digital transformational era this kind of crisis is only going to get worse," he said.
"Global brands and large organisations that fail to take the right steps to address the growing complexity of identity relationship management risk not just a big dent in their reputation and trust, as iCloud is surely likely to face, but serious commercial or social consequences too as customers switch to more trusted brands or switch off entirely altogether. This example is just the tip of the iceberg and must be addressed sooner, rather than later," he added.
Over at Tripwire, Tim Erlin, the security firm's director of security and risk, said that, whilst this latest news story will undoubtedly focus on the privacy violation for the celebrities involved, and the mechanism by which this hacker was able to carry out the attack, there's an underlying shift in the technological landscape that will continue to enable the scale of these kinds of breaches to expand, for both celebrities and corporations.
"The evolution of data stored in one physical location until intentionally moved or copied, to seamless cloud synchronisation and mixed online/offline interactions, creates a near total lack of transparency for the average user into where exactly their data is," he said.
"When you take an action on your phone, and it synchronises to your laptop and tablet, that data is almost certainly going somewhere else, being stored and backed up. Each of these locations and systems in which the data exists creates a vector for attack that must be protected. We are largely at the point where nothing you do on your iPhone can be considered private," he explained.
The message is getting through
Research just released by VoucherCodesPro in the wake of the first celebrity pictures hack of earlier this month, meanwhile, suggest that the first incident has caused many smartphone users to review their security, with just over a third of respondents deleting 'personal photos' from their phone following the scandal. In parallel with this, researchers found that almost half of the 1,500-plus UK respondents indicated that they would improve their security software.
All respondents were initially asked to disclose whether they had adopted safer security measures online and with technology following the recent leaked celebrity photos scandal. Respondents were informed that safer security measures included resetting passwords, updating security settings and installing security software. The majority of respondents (62 percent) revealed that they had adopted safer security measures.
Nick Swan, CEO of VoucherCodesPro, a money-saving site, said that what has happened to these female celebrities, such as Jennifer Lawrence, is disgusting and a huge invasion of privacy.
"You can't help but feel sorry for them. It is, however, refreshing to see that the British public are being proactive with their own personal security," he said, adding that it is incredibly important to ensure you are safe online."Not only must you protect your personal photos, but also personal details, secure information and banking details. Anyone could be victim of a breach, it doesn't just happen to celebrities, so we must do everything possible to protect ourselves," he explained.