Over Labor Day weekend, hackers posted hundreds of nude celebrity photographs to the 4chan.org image board, including personal images of actress Jennifer Lawrence, supermodel Kate Upton and Detroit Tigers pitcher Justin Verlander. The photographs were apparently stolen from Apple's iCloud, prompting concerns from the storage service's users.
Apple released a statement on Tuesday indicating that hackers received access to the celebrities' personal data through a "very targeted attack" on user names rather than through a vulnerability in the service itself. This likely means that the data was stolen through a brute force attack. Hackers carry out these attacks by using specialized software to guess a large number of passwords in a short period of time, cracking simple alphanumeric passwords in a matter of seconds.
If you store data on any cloud service, you probably have concerns about the privacy of your files. Unfortunately, these concerns are not out of place. Most people use very simple passwords to protect their data, and an exploited vulnerability can have substantial consequences. By understanding several important principles, however, you can protect your data while still utilizing cloud technology.
Protecting Your Privacy: What You Need to Know About the Cloud
"Cloud" refers to an online service that acts as central data storage for smartphones, desktop computers, laptops and other Internet-connected devices. This form of storage conveniently allows multiple computers to access the same files.Be sure to research cloud services carefully to find a provider that takes appropriate precautions to protect your confidentiality. Major providers like Apple, Amazon and Google use up-to-date security controls and will provide appropriately safe storage. Take the following steps to secure your personally identifiable information when using a cloud service:
Enable Two-Factor Authentication
Two-factor authentication is a feature that allows you to access your account only after you provide two proofs. When you try to log in, your cloud service sends a code to your phone or email address, and you must enter this code along with your password to access your account.
Two-factor authentication is important because it prevents access if your password is stolen or if the cloud service is compromised in some way. However, you have to enable two-factor authentication in order to use it.
Here is a MacWorld article that shows you how to set up two-step verification for iCloud. Other services will use a different process; consult your service provider for more information.
Choose a More Secure Password
Many computer users use the same password for every account, which opens up considerable security risks. Likewise, some people choose simple passwords that can be easily guessed during a brute force attack.
Choose a long, alphanumeric password and use a mnemonic device to remember it. Try taking a long sentence and replacing some of the letters with numbers. This page from Mozilla provides more tips for keeping your passwords secure.
Use Encryption to Protect Sensitive Files
If you need to store especially sensitive files, you can use a program like BitLocker on Windows or FileVault on Mac OS to encrypt your files before uploading them to the cloud. This can make the process less intuitive, but it is worthwhile if you need to protect especially sensitive data.
At Secure Data Recovery Services, security is our highest priority. We store all of the data that we recover on closed networks, so files are never accessible through the Internet during our processes. We can also encrypt return media on request, and regular updates to our SSAE 16 Type II certified procedures ensure a safe, transparent experience for all of our customers.