The recent theft of private photos from celebrities' digital clouds serves as a cautionary tale even for those of us who aren't famous. We have previously discussed how hackers posted nude or otherwise sensitive pictures stolen from Jennifer Lawrence, Kate Upton and dozens of other women to the website 4chan. Users then disseminated the photos around the web on other sites like Reddit.
4chan is a digital hub with minimal oversight that The New York Times calls "one of the darkest corners of the web." Founded in 2003 by 15-year-old Christopher Poole, 4chan allows users to post and share material anonymously with little to no accountability. Photos and video depicting graphic violence and sexuality are not uncommon on the site, which sometimes attracts upwards of 12 million users in a single month. That's where the hacker or hackers first posted the naked shots of celebrities, reportedly trying to sell them in exchange for bitcoin.
One MIT paper says that it's 4chan's guarantee of user anonymity that makes it so volatile.
"[The] lack of identity makes traditional reputation systems unworkable," the researchers write. "Second, instead of archiving conversations, [the forum] deletes them when newer content arrives - often within minutes - which leads to a chaotic, fast-paced experience."
That lack of rules and administrative monitoring make 4chan a prime platform for releasing stolen personal information, whether a naked photo or a confidential message. Even if you aren't a celebrity and have never taken a nude picture, you likely have at least some digitally stored, private information that you would not want a hacker to post online and share with all of your friends, family members and coworkers. In the wrong hands, something as seemingly innocuous as an email could put you at risk of personal humiliation and even blackmail.
The moral of the story: It's crucial that you take steps to guard your privacy, whether or not you are a celebrity. Enable two-step authentication when available and use unique passwords across all of your online accounts. Each password should contain a random assortment of uppercase and lowercase letters, numbers and symbols. We recommend investing in a password manager, which acts as a secure digital vault to store and handle all of your entry code information. While this adds an important extra layer of security against cyber criminals, it allows you the ease of single sign in, eliminating the need to remember dozens of complex passwords.
You should also be skeptical of any emails or other messages requesting your sign in information, even if it appears to be from a legitimate company. At first, observers speculated that the celebrity photo leak might have been the result of a security flaw in iCloud, however, Apple has since released a statement saying that is not the case. After conducting its own investigation, the company concluded that cyber criminals likely obtained the celebrities' usernames and passwords through a "targeted attack." Hackers are able to make sophisticated mock websites that may look exactly like the real deal. Visit the website on your own, rather than clicking a link embedded in a message, and never give out your username and/or password unless you are sure you are communicating with a reliable source.