Despite assurances from Apple that their iCloud service has not been breached, malefactor(s) have managed to grab some very racy pictures of A-list female celebrities (and at least one unfortunate male, baseball star Justin Verlander, who's there mainly because of his connection to supermodel Kate Upton).
The uncensored photos were posted on reddit, which is a wonderful bulletin board for all kinds of discussions. However, it does have some corners that are kind of the armpit of the Internet. They were also up on 4chan — undoubtedly the smelly crotch of the online world.
So people went and ogled.
As you might expect, even badder guys got on this #Celebgate bandwagon, promising links to those juicy photos, but actually seeking to infect your computer with malware, then steal your identity or your soul or whatever.
Therefore, WARNING: Looking for naughty things on the Internet can easily cause your computer to become infected. Or worse. As I explain in Technocreep, in 2013, Cassidy Wolf, then Miss Teen USA, was victimized by a cyber-intruder who surreptitiously turned on the webcamera in her laptop, which she, perhaps foolishly, kept in her bedroom. He threated to expose the photos online unless she gave him even more explicit ones. Wolf did the right thing and went to the police, who caught the perpetrator and sent him to jail. Being a creepy jerk is not a crime, but stealing people's pictures definitely is.
It turns out the latest breach may have even more unsettling dimensions.
Technical analysis by myself and other researchers has revealed that some of the leaked celeb photos contained metadata that disclosed the camera device used (often an iPhone 5) and the GPS coordinates where the photo was taken. This allowed, for example, Samer Kalef to "confirm that it was Verlander's account that was hacked, not Kate Upton's." You can read more here.
He deduced this from reading the photo locations, helpfully attached by the phone's GPS. They ranged from Manhattan to Phoenix to Minneapolis, closing matching the road game schedule of the Detroit Tigers. Knowing precise the location of a celebrity's home, or their favorite hangouts, could even pose a risk to their physical security. There are plenty of stalkers out there.
It's worth mentioning that the reason this metadata was intact is that these photos were directly uploaded to cloud storage. When you post a photo on Facebook, Instagram, or a similar service, these bits, called the EXIF data, are stripped off. But if you email a photo directly to someone, you do run the risk of divulging the precise location.
Perhaps the creepiest aspect of this is that most experts believe this was not an isolated incident. They are now suggesting that it was a long-term effort, by multiple people, who collected and traded forbidden photos like baseball cards. (Sorry, Mr. Verlander.) If you'd like some insight into the minds of the twisted folks who do this, you can read some of their actual words here.
What they posted may be only the tip of the iceberg. In fact, who knows, those racy photos or videos you thought might be fun to take could be out there too. Celebrities make the most tempting targets, but anyone is fair game in the world of digital theft. It's worth thinking about.
In fact, I suggest you sit down THIS VERY EVENING with your favorite beverage and review the privacy settings of all your programs (like Facebook) and devices (computers, phones, tablets, etc.) Look especially for settings like “upload my photos automatically” or “automatically backup to the cloud.” If you don't understand what something does, ask an expert. Or find a teenager. Even better, keep your most private photos and other personal information on a USB stick, locked away somewhere very safe.
These celebrities have done us a great, if unwitting, service, by alerting us to the sleazy realities of the online world. Nobody wants to blame a victim — but it’s wise to take some precautions to avoid becoming the next victim.