Romanian Kaspersky expert weighs in on celebrities’ nude photos leak: “A consequence of weak passwords”

Costin G. Raiu, director of the Global Research & Analysis Team (GReAT) at Kaspersky Labs, was asked Tuesday for his opinion on the hottest topic related to information security: the hacking of over a hundred of celebrities’ iCloud accounts, which led to their nude pictures being released and traded online. Raiu believes that weak passwords are at the root of the problem that led to the violation of privacy for Jennifer Lawrence, Lea Michelle, Kate Upto, Rihanna, Ariana Grande and dozens of other female celebrities.

“It is my personal opinion that the cause of the problem was a weak password”, Raiu said, present at the launch of Kaspersky Internet Security – Mobile Devices 2015.

Raiu also argued that most of the celebrities that were targeted by the hackers knew eachother which probably led to a “cascade effect’. 

“It’s hard when you think about it to come up and remember a 20-30 digit password for your iCloud account”, Raiu went further.

iCloud is Apple’s data-centre-hosted storage and syncing system. It lets data stored on one Apple device, like an iPhone, be synced to others – like iPads – that are owned by the same Apple account holder. As such, iCloud also acts as back up for music, apps, iBooks, audiobooks, photos, device settings and app data set-ups. It is protected only by the user’s login and password, however.

Read more about

Offline vs. Online Wallet Apps: Finding The Right Balance

read more

On Sunday, explicit photos of 101 Hollywood actresses and models were uploaded by an unknown hacker on 4Chan, an anonymous, image-sharing website. The images appear to be shots privately taken by the actresses themselves, or their partners, leading to speculation that they have been stolen from the stars’ own Apple iCloud iPhone/iPad-linked accounts.

iCloud data is encrypted both on Apple’s servers and while in transit from your device, and the company maintains the master key necessary for decryption if necessary, such as a request from the government. Official Apple apps use secure tokens to authenticate an account, eliminating the need to store user names and passwords within the apps themselves, and is generally considered extremely robust.

According to Apple, using a strong password is ‘the most important thing you can do to help keep your data secure’.

 “The problem is that most people don’t change their passwords, and they use the same password on different sites,” says Su Gim Goh, Security Advisor Asia for F-Secure, quoted by NDTV . “And there’s actually an interesting chicken and egg issue here, which is that the longer and more complex a password is, the less likely users are to change it.”