Data Doctors: Celeb photo hack a lesson to us all

By Ken Colburn, Data Doctors

PHOENIX — Q: What do we need to do to make sure our pictures don’t leave our phone and head to the cloud?

A: The recent widespread hacks of celebrity iCloud accounts have many wondering if they should be concerned about storing their private files in the cloud, but before you dump the cloud, let’s review the details.

Looking at the parameters that allowed this to happen may help you make a more informed decision as to whether cloud storage is for you or not.

Based on the information that has been released thus far, it appears that these celebrities were targeted, which is quite different than random acts of hacking that you and I might be exposed to.

When hackers are not specifically targeting you, they look for easy targets to exploit, so regardless of your future use of cloud storage, there is much to learn from this incident for all your online accounts.

The hackers reportedly used “brute force” attacks, which are akin to a massive computerized guessing game. Every combination of letters, numbers and special characters is guessed until the password is broken.

Since Apple had not limited the number of guesses that could be made on one of their associated online services — Find My iPhone — the hackers were able to spend whatever time it took to break the weak passwords. Apple has since closed this security hole.

If the celebrities followed the typical guidance of using a complicated string of characters that’s at least 8 characters long but stopped at 8 characters, they made the brute force attack pretty easy for hackers.

Security researcher Steve Gibson has an online resource that estimates that most 8-character passwords can be broken in just over one minute by powerful brute force attackers.

Had they just added 7 exclamation points or any other string of easy to remember characters to the end of whatever they were using, they would have made it nearly impossible (from a time standpoint) to crack the passwords in this way.
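The arithmetic behind those two points, and the effect of the guess limit that was missing, can be checked with the short script below. It is an added example, not part of the original column. It assumes a 95-character printable alphabet, an offline rate of 100 trillion guesses per second, a limit of 5 failed logins per 15 minutes, and a made-up account name.

```python
from collections import defaultdict, deque

ALPHABET = 95               # printable ASCII characters (assumption)
OFFLINE_RATE = 1e14         # guesses per second, an assumed high-end cracking rig
SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(length, alphabet=ALPHABET):
    """Count every password from 1 character up to `length` characters."""
    return sum(alphabet ** n for n in range(1, length + 1))

def seconds_to_exhaust(length, guesses_per_second):
    """Worst-case time to try the whole keyspace at a fixed guess rate."""
    return keyspace(length) / guesses_per_second

class AttemptLimiter:
    """Allow at most `max_failures` failed logins per account per `window` seconds."""

    def __init__(self, max_failures=5, window=900):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)   # account -> times of recent failures

    def allow(self, account, now):
        recent = self.failures[account]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                 # forget failures older than the window
        return len(recent) < self.max_failures

    def record_failure(self, account, now):
        self.failures[account].append(now)

def guesses_evaluated(limiter, account, duration):
    """Simulate one wrong guess per second; count guesses the service checks."""
    evaluated = 0
    for now in range(duration):
        if limiter.allow(account, now):
            limiter.record_failure(account, now)
            evaluated += 1
    return evaluated

if __name__ == "__main__":
    print(f"8 chars, offline:  {seconds_to_exhaust(8, OFFLINE_RATE):.0f} seconds")
    years = seconds_to_exhaust(15, OFFLINE_RATE) / SECONDS_PER_YEAR
    print(f"15 chars, offline: {years:.2e} years")
    per_hour = guesses_evaluated(AttemptLimiter(), "user@example.com", 3600)
    print(f"throttled service: {per_hour} guesses evaluated per hour")
    throttled_years = keyspace(8) / (per_hour * 24 * 365)
    print(f"8 chars, throttled: {throttled_years:.2e} years")
```

With the limiter in place, the service evaluates only a handful of guesses per hour no matter how fast they arrive, which is why the missing limit mattered as much as the short passwords.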

The other huge mistake that they made was not activating the 2-step authentication that just about all popular online services now offer.

In this column, I refer to it as a Password Fraud Alert that you should set up everywhere.

Either one of these steps would have likely protected the stars, but just like the rest of mankind, they chose ease of use over security with easy to break passwords that they use on all their accounts.

At the very least, make sure your email account has a unique password that is at least 15 characters long, because it’s the gateway to virtually every other account you own. Remember — all those password resets get sent to your email Inbox.

I personally have no concerns about using the cloud to store my pictures automatically, but you’ll have to decide for yourself.

If you want the directions for deleting iCloud backups from your iOS devices, go here, but make sure you back up to your computer first.

My Android phone is set to automatically push my photos and videos to my Google+ account, but they can only be seen by me unless I choose to share them.

Google+ can be an automatic backup system for smartphones, tablets, iPhones and computers; you can find the backed-up files by searching for #autobackup in your Google+ account.

The directions for turning off Google+ auto backups are located here.
