For quite some time, we have been hearing about hackers who leaked explicit photos of various Hollywood celebrities, which were uploaded to the Internet. It has been assumed that some photos were stolen directly from celebrities' accounts in Apple's iCloud. However, the question arises: were the iCloud systems actually breached, or were users' individual accounts hacked?
After more than 40 hours of investigation, Apple said, “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my Phone”.
A few days ago, while some of the celebrities were found to have had their iCloud accounts compromised, Apple customers were being targeted by a Kelihos botnet phishing email campaign intended to steal Apple IDs and passwords.
eScan has observed that spam emails appearing to be from Apple were sent to Apple customers. The email informed users that they had signed in from an unusual location and that they needed to verify their email address. Below are the sample emails.
The email included a shortened URL that directs the user to a phishing page. This page looks like a legitimate Apple web page and asks the user to submit their Apple ID and password. By doing so, the user actually hands his/her credentials to hackers, who will in turn exploit or resell them.
This phishing email campaign started just a few days after the news broke about celebrities' explicit photos being leaked. The timing of the phishing email campaign and the hacking of celebrities' iCloud accounts can't just be a coincidence.
In a recent statement Apple said that its iCloud systems have not been breached and that thieves stole celebrity photos from Apple accounts by targeting individuals, rather than by breaking into the company’s infrastructure.
The statement clearly indicates that the photos were stolen as a result of “spear-phishing” attacks. In such attacks, hackers specifically target an individual user with the aim of acquiring their username and password to break into their account. The hackers could also have tried to break into accounts by repeatedly guessing the password, as many celebrities admitted that they ignored strong password policies and chose very basic passwords.
However, Apple plans to bolster its iCloud security measures to prevent account misuse. CEO Tim Cook tells the Wall Street Journal that Apple will send email alerts and push notifications when someone tries to change a password, restore data, or log in to an account on a new device.
Now, after the celebrity photo hack, is the cloud safe? What should a user do to protect his/her data from leakage?
- Use a strong password to secure your account and data
- Enable two-factor authentication services for enhanced security
- There must be appropriate encryption in place to protect the data in case your handheld device is lost or stolen.
- Be cautious of the data (personal or professional) you store in the cloud.
- If you are storing important or sensitive data on your device, check that your device does not automatically upload data to the cloud.
- Be cautious before sharing your sensitive information (including photos and videos) with anyone. Ensure that the other person's device is secure to keep your private data safe.
To avoid becoming a victim of a phishing attack, users should:
- Identify phishing emails: such mails are filled with countless grammatical errors and are often written in awkward English.
- Never respond to emails or messages from unknown senders that have “undisclosed recipients” in the address line.
- Never click on the link mentioned in the mail; if required, type it in another browser tab to see what it contains.
- If you do happen to click such a link and see a request for your banking credentials or other details for any kind of verification or updating purpose, do not enter your personal or financial information.
- Never get carried away by a genuine-looking website that contains identical-looking logos, pictures and banners.
Without accurate email protection you are at great risk of being trapped. To avoid becoming a victim of phishing scams, use eScan Total Security Suite with Cloud Security for Home and Small Office Edition for real-time protection of computers from phishing and spam emails, objectionable content and cyber threats.
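The warning signs described above (mail that claims to be from Apple, an "undisclosed recipients" address line, a shortened link) can also be checked automatically. The following is an added example, not eScan's code or detection logic; the shortener list, the trusted Apple domains and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): sample shortener hosts, trusted brand domains.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly"}
BRAND, BRAND_DOMAINS = "apple", ("apple.com", "icloud.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phishing_indicators(raw_email):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    found = []
    # 1. Display name claims the brand, but the address is on another domain.
    name, addr = parseaddr(msg.get("From", ""))
    if BRAND in name.lower() and not _in_domains(addr.rpartition("@")[2], BRAND_DOMAINS):
        found.append("brand-spoofed-sender")
    # 2. Bulk mail that hides its recipient list.
    if "undisclosed" in msg.get("To", "").lower():
        found.append("undisclosed-recipients")
    # 3. A link that hides its real destination behind a URL shortener.
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    hosts = [urlparse(u).hostname for u in URL_RE.findall(text)]
    if any(_in_domains(h, SHORTENERS) for h in hosts):
        found.append("shortened-link")
    return found

# Constructed sample messages (not the emails eScan observed).
PHISH = """\
From: "Apple Support" <noreply@mail-notice.example>
To: undisclosed-recipients:;
Subject: Sign-in from an unusual location

Verify your email address: http://bit.ly/EXAMPLE
"""
CLEAN = """\
From: "Apple" <no_reply@email.apple.com>
To: user@example.org

View your receipt at https://www.apple.com/
"""
print(phishing_indicators(PHISH), phishing_indicators(CLEAN))
```

An empty result does not mean a message is safe; these three checks cover only the signs this article lists.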
Get the free trial of eScan Total Security Suite with Cloud Security from here: http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=ES-TOTAL-SEC