The Fappening: iCloud users, beware!

The event dubbed by the internet as "the Fappening" is the largest celebrity nude photo leak in history. But don't blame Apple.

The event dubbed by the internet as "the Fappening" is the largest celebrity nude photo leak in history. Although information is still emerging as to how, why and who is at fault, don't blame Apple for this latest security disaster. Celebrity nudes are not new; I am sure that everyone remembers the controversy surrounding Paris Hilton -- and Pamela Anderson before her. What makes this different is how these photos were taken. The celebrities involved were quick to respond to the news in a variety of intriguing ways, including the following tweet from Mary E. Winstead:

"To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves."@M_E_Winstead

My personal favorite response to this ordeal came from Kaley Cuoco-Sweeting, star of Big Bang Theory," who posted the following response from her Instagram account:

This response is my favorite because it doesn't shy away from the release, but rather hits it head on, blurring a photo that could have easily been part of the breach.

The implications of this data breach are far-reaching, and not just for celebrities. Mobile users store so much of their personal data online, and that's part of the problem. "Cloud" is a name created by marketing teams in order to rebrand "outsourcing." In reality, you are relinquishing your data to a location over which you have little control.

This data leak is not Apple's fault, however. Its systems were not compromised; rather, the users' passwords were cracked. Although celebrities didn't draw a line between the real criminal -- the hacker -- and Apple's iCloud service in this leak, the best step we can all take to prevent future occurrences is simply to create better passwords.

Kirsten Dunst was blunt in her tweet: Thank you iCloud (@kirstendunst)

The FBI is right in investigating this crime; it crosses state lines and, I would assume, international borders. Someone broke into a secured area, so the hacker believed to be behind this is no different than a bank robber or home burglar. Apple is also investigating the breach. "We take user privacy very seriously and are actively investigating this report," the company said in a statement. Apple also seems to be cooperating with the FBI.

The celebrities affected do not see any humor in the breach. Bloomberg quotes a spokesman for actress Jennifer Lawrence saying, "The authorities have been contacted and will prosecute anyone who posts the stolen photos."

What to do?

Make stronger passwords. For anyone who relies on "1234" or "password," this is the time to change it; these simple passwords are just not enough and are laughable in 2014. Stay away from your name or birthday, or those of loved ones. If you don't know how strong your password is you can always try this online password tool.

During the time I've spent dealing with people on tech-related issues, I've often come across the grave mistake of having an Excel spreadsheet entitled "Passwords" saved on a user's desktop, containing all of their log-in information to every online account. You can have the strongest password in the world, but if you have it saved on your desktop, you're setting yourself up for failure.

Want to do more? Disable your iCloud stream on your iPhone or iPad. Although this service is secure, it relies on the strength of your password. So if you have something you don't want people to see, as did the more than 100 celebrities affected by this breach, it's a good idea to disable your iCloud Stream, or any other picture syncing service to the Cloud that you've set up.

To turn off the Apple service on your iDevice, follow these steps: In Settings, tap on iCloud, then tap Photos, and switch everything off. Photos taken on the device will no longer be uploaded to iCloud.

If you decide to disable cloud synchronization, just make sure you have everything backed up locally on your computer.

Who's really to blame?

Well, the short answer is that it wasn't Apple's. The hacker thought to be behind the attack is known as OriginalGuy, and he has confessed to being responsible for the leak. This person is now on the run from the FBI, who I assume are on the chase already. But the problem here is cloud services. They are not safe enough, contrary to what marketing departments would have you believe. (Remember the cloud breaches in June affecting Google Drive and Dropbox?)

I sympathize with the celebrities. Of course, there are people who will say that they deserve it for taking nude photos, or simply for being in the public eye. But I would ask these people to imagine how they would feel if it were their daughter, mother, wife, sister, or even themselves. Because this happened to a lot of high-profile people at once, the breach received a lot of attention.

But it could just as easily happen to you.

Join the CSO newsletter!

Error: Please check your email address.

Tags AppleInstagramsecuritycloud securitycloud computinginternetHilton

More about AppleBloombergDropboxExcelFBIGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Alex Burinskiy

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place