In late August of 2014, approximately 100 female celebrities had their privacy breached when personal and intimate photos, sourced from their private iCloud or Gmail accounts, were published online. At the time of the leak, commonly known as “The Fappening”, rumours ran rampant that iCloud had come under siege through password hacking attacks. Apple maintained that they had not been breached, and that the hacks were most likely due to a phishing scam. It has now been revealed that this claim was in fact correct.
Ryan Collins, a Pennsylvania native, will plead guilty to violating the Computer Fraud and Abuse Act for stealing private files from Apple’s iCloud servers, including nude photos from such celebrities as Jennifer Lawrence. He was caught by the FBI, and as the trial unfolded, it became evident that the hack did not involve a breach of Apple’s servers, but rather the victims falling prey to a phishing attack.
[i] Image retrieved from Vagabomb
Collins allegedly engaged in a phishing scheme, sending emails that appeared to be from either Apple or Google and requested the victims’ login credentials. Once the login information was given, Collins logged in and illegally obtained personal information and, in some instances, used a software program to download the entire contents of the victim’s iCloud backups. However, investigators have not discovered any evidence that links Collins to the actual leaks. The FBI is still looking into who shared or uploaded the information that Collins obtained.
The Assistant Director in Charge of the FBI’s Los Angeles field office, David Bowdich, made a statement regarding these charges. “By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity. We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”
The lesson to take away from this story is that human error can be your biggest security risk. As we have previously blogged, employees who are not trained and educated in today’s best security practices can pose an enormous security threat to the safety of your data. We recommend following these best practices to avoid falling victim to online scams:
* Be cautious of links in an email.
* Check that the website you’re accessing is legitimate.
* Note the email greeting. Legitimate organizations will include your name in their messages, as they will have it on file, if you’ve dealt with them before.
* Be suspicious if the message arrived at a different email address than the one you gave the sender.
* Keep previous history in mind.
* Never provide personal account information through email.
* Be cautious of attachments.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506. You can find Secure Sense on Facebook, LinkedIn and Twitter. Follow us for current company and industry news.
[i] Image can be found at: http://www.vagabomb.com/Jennifer-Lawrence-Just-Owned-Hollywoods-Equal-Pay-Debate/