Cloud storage makes a lot of sense. Yes, we all have external hard drives to store important data including photos and videos. But hard drives do fail as most of us have probably experienced. Cloud storage, especially those services offered by big tech names, are a good back up for your back up.
I recently had a hard drive fail on me. Fortunately, I had a back-up of that back-up (another external hard drive). The potential loss of important data made me shudder with fear at the thought of my other hard drive (the back-up of the back-up) failing too. If that had happened, my data would have been lost forever.
Someone advised me that for crucial data, you need two back-ups: a hard drive back-up and a cloud-based back-up. It’s sound advice. But something that happened recently might make some people jittery about using cloud back-ups: The infamous leak of celebrity nude photos.
Intimate photos of big name stars like Jennifer Lawrence, Kate Upton and Kirten Dunst were leaked to the Internet by hackers who managed to gain access to their iCloud accounts. (This is a service that allows users to back up digital content and access it on other Apple devices).
Apple maintains that this was not due to general breach of its iCloud service. “We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said in a statement. “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find My iPhone.”
How did the hackers do it? Even the experts are not sure but there are three prevailing theories.
i) This could be a result of phishing – where fake e-mail messages (supposedly from the service provider but actually not) asks users to click on a URL for some security or verification purposes.
ii) A brute-force attack where a program is used to guess massive numbers of possible passwords to guess the correct one. This actually works because some people use very common passwords.
iii) Educated guessing of celebrities’ security answers. Most systems offer users a way to retrieve forgotten passwords by asking them security questions such as what your mother’s maiden name was, which town you were born in or what is your first pet?
Whatever the method used, it was successful and if it could happen to the stars, it could happen to you too. Granted, you are probably less likely to be the target of such attacks but still, it pays to be play it safe when it comes to your personal data (even if you don’t store racy selfies on your cloud storage).
Is there a way to 100% prevent any cloud storage leak? Yes, do not put anything on cloud storage. But that’s not a realistic solution unless you want to live like a Luddite. Fortunately, there are things you can do to protect yourself considerably and they all have to do with passwords. Here are the Top Three things you should do immediately.
Don’t use the same password for all accounts.
It’s tempting to use one password for every online account you have because of the convenience it offers. It’s like a skeleton key. Remember it once and you can use it for everything. But the danger of that is if someone gets that skeleton key, all your accounts are vulnerable. It’s a pain to have a different password for every single account but they don’t have to be totally different. Variations of each other work fine.
Make up security answers: If you answer truthfully, it makes it so much easier for someone to guess what your security answer is, especially if you are a public figure or if the hacker knows you. So, for a question like “What is your mother’s maiden name”, answer something like “Darth Vader”. For “What town were you born in”, you could say “Toyota Prius”.
Turn off automated back-ups: Many mobile-related services such as iCloud and Google’s accounts for Android does regular back-ups to the cloud by default. They do that to offer you convenience. But because not many people even realize that their device is doing this on their behalf, they might end up storing sensitive or intimate images or videos that they otherwise would not do. For the sake of security, I would suggest turning automated back-ups off even though it means you cannot access your data on other devices.
We live in a modern world and it doesn’t make sense to reject modern services like cloud storage, which has many advantages. Just observe password management best practices and be careful about how your data is back-upped, and you should be fine.
Oon Yeoh is a new media consultant.