If you’ve been following the news over the last couple weeks, you’ve no doubt heard about the private photos of famous actresses that were posted on the internet. There’s been quite a bit of angst about how these accounts were hacked and the feeding frenzy on some social media sites by those who were interested in seeing the pictures. It’s an obvious breach of these individuals’ privacy, and the sad fact of the matter is that no matter how much time and money they spend to try and stop these photos from being viewed, now that they’re ‘out there’ on the internet someone will always be able to find them with a diligent search.
As it turns out, the latest news is that the cloud system where these photos originated was not directly ‘hacked.’ Rather, access was gained into these individuals’ personal accounts by relatively simple brute-force attacks. Their email addresses or user IDs were compromised, and from there it was just a matter of trying to guess the passwords for each of the accounts – and there is plenty of illicit software on the web that will allow someone to rapidly try large numbers of passwords. In essence, the accounts were simply not very well secured, likely with a weak password or easily guessed security questions.
As technology support professionals, does this really surprise us? I know from personal experience that users of the systems I support frequently either use very simple passwords or store those passwords in places that are obvious and easily retrieved. I’ve even seen them put post-it notes of passwords right on the front of the monitor or computer!
What does amaze me is that these people who are so well-known would be so ill-educated on the importance of properly securing their private data. They are not typical users of these systems. While you and I may be concerned about data loss, and we may occasionally get snared in large-scale data breach scenarios, it’s very unlikely anyone would specifically target us. Celebrities, athletes, politicians, or otherwise famous people really are targets; they make themselves such simply by being ‘famous.’ So I have to wonder what they – or their advisers – are thinking when cell phone or cloud accounts are compromised due to poor security precautions. How much harder would it have been to place two-factor authentication on the account? To have a complex password?
What should this teach all of us as technology support professionals? Simple – if these people, who are so famous and such obvious targets of nefarious individuals who want to steal their personal and private data, are so oblivious to the importance of securing that information, how much more important is it for us to continuously stress to our staff and customers how critical it is to be protected? In the environments that we support, are our clients and customers educated about securing critical information? Many of us work in financial, healthcare, legal, or energy industries. We have much more to lose than a few embarrassing photographs. There could be credit information, health records, or other personal information whose exposure could severely damage the trust and reputation of our employer.
These types of events should make us think about how we do things in our own lives and work environments, and we should give them real consideration as a teachable moment.