Celebrity Examples of Data Breaches
We’re heading further into a digital realm and almost everything we do in today’s world is either digital or has the option to be. Whether that’s the way we work, shop, consume entertainment or communicate, we can do it all online (which most of us do). But what about our digital privacy and what is digital privacy?
Digital privacy is when we can browse the Internet and use networks and devices without our data being compromised. Since we all have a digital presence, that means digital privacy is important for all of us. Nobody is immune to the threats facing the cybersphere. As such, we must all be taking actions to protect ourselves. We’re going to take a look over some famous celebrity examples to illustrate how people can easily fall victim to a cyber attack, even when they think they’re protected. We should all be learning from each of these examples and protecting our digital privacy better as a result.
A Digital Privacy Breach at Celebrity Media Law Firm
Earlier this year, Grubman Shire Meiselas & Sacks, media law firm to a host of A-list celebrities, was hacked. The hackers claimed to have accessed 756 gigabytes worth of data, including sensitive information such as contracts, nondisclosure agreements and personal email addresses. Celebrity clients of the firm include Madonna, Lady Gaga, Robert De Niro, Bruce Springsteen and Drake, among many others. As you can imagine, such high profile clients would expect utmost privacy and even they fell victim.
It was reported that a contract of Madonna’s was made public, and that the attackers were demanding payment as a result. The hackers also released an image of the file directory, showcasing folders with various client names on them. In this situation, it’s really a lose-lose for the victim. If you don’t pay, the data will be made public. If you do, you get nothing more than a criminal’s word that it’ll be deleted.
The same hackers were responsible for a ransomware attack on Travelex, a currency exchange company, even earlier in 2020. Travelex paid a staggering $2.3 million in Bitcoin to the hacking group. The group is clearly on a path that proves just how easy it can be to access sensitive data and breach our privacy.
The question is, since we believe taking preventative rather than reactive measures is important, how could the law firm have prevented this? The details surrounding the attack have been kept particularly private, so it’s hard to know exactly what happened. But, we do know that the group responsible is known for using the vector REvil to implement their attacks. REvil works by sending emails with a fake Microsoft Word document attached.
Assuming the same vector was used on the law firm, we can suggest that better cybersecurity training offered to their staff could have avoided the attack. Any unknown attachment from a suspicious or unidentifiable source, especially coming from outside of the organization, should be treated with caution. Often these are made to look like they’re coming from a colleague, but employees should be trained to recognize the differences.
Protecting a company from ransomware, or maintaining full digital privacy for clients, doesn’t just require state of the art cybersecurity systems. In the UK in 2019, the Information Commissioner’s Office together with CybSafe conducted research that found 90% of the country’s cyber data breaches were caused by human error. That’s why employee education is so crucial to maintaining a digitally secure and private environment; it works in tandem with the cybersecurity systems for stronger protection.
In yet another case of users trusting a company but having their data hacked, Canadian married dating site Ashley Madison fell victim to a huge data breach back in 2015. In the world of married dating and affairs, Ashley Madison was a household name with nearly 40 million users at the time of the breach. These users were promised secrecy by the site, but hackers proved this wrong. A huge list of usernames were dumped on the dark web, including many .gov email addresses. The legitimacy of these cannot be confirmed, nor can any of the alleged celebrity accounts.
‘Celeb Gate’ Celebrity iCloud Hacks 2014
Known as ‘the Fappening’ or ‘Celeb Gate’, back in 2014 hundreds of celebrities had their intimate images leaked from iCloud. They trusted tech giant Apple to protect their data. With a reputation and market share as big as theirs, trusting them seemed to make sense. Celebrities including Jennifer Lawrence, Ariana Grande and Emily Rajtakowski, alongside the 300 million other victims, shouldn’t have (if they wanted to keep the intimate images private that is).
Hackers managed to brute force attack the celebrity accounts, a process that consists of continuous attempts to break into the accounts until one is successful. What should have been done differently to prevent this type of attack? For starters, Apple should have blocked the accounts after repeatedly failed log-in attempts were made. As for the celebrities, Apple devices offer users the option to turn off automatic syncing to the cloud. By switching this off, you’re ensuring that all your photos remain stored on your local device. Keeping everything in one place means less opportunity for attack, of course.
However, we understand that certain photos can be precious or sensitive (how many of you keep photos of sensitive documents in your phone for easy reference?). iPhone users could use an encrypted storage system like Ciphr Vault to store these photos as opposed to a cloud based system like iCloud. With a whole host of top tier encryption protocols including AES 256 and Composite Key Brute-Force Protection, an encrypted storage app like Ciphr Vault keeps data stored locally in your app and can be a much more secure option.
UK Phone Hacking Scandal by News International
Even members of royalty or the families of high profile victims of crime are not immune. In a famous example that led to a public inquiry, British news corporation News International was found guilty of phone hacking famous and non-famous members of the public alike. This is a huge celebrity example highlighting the lengths people will go to invade your digital privacy. News International were listening to voicemails stored on victims’ personal devices, and then publishing the information they gathered. The hackers may have been jailed as a result, but the digital privacy of their victims was violated forever.
You may be wondering what to do if you can’t even trust sending a simple voicemail. Fortunately, there are other solutions for leaving voice messages such as sending voice notes over encrypted messaging apps. For example, Ciphr Text allows you to send voice messages that are encrypted by TLS to prevent any unwanted eavesdropping or modifying.
Celebrity Social Media Hacks
In July 2020, Twitter suffered the most drastic cyber hack in its history. Although only 130 accounts were affected, these weren’t just any accounts. They belonged to some of the world’s most prominent celebrities and Twitter users, from Barack Obama to Kim Kardashian West. Other victims include Bill Gates, Joe Biden, Elon Musk, Kanye West and corporations Apple and Uber. The scam sent tweets from the above accounts offering a time-limited doubled investment on any money sent to the linked Bitcoin address.
Twitter claimed the incident was the result of a spear phishing attack done over the phone. By targeting Twitter employees, the attackers were able to gain access to Twitter’s internal network and support tools, further enabling them to access account management tools.
Although initially the attack was focused on cryptocurrency accounts from Bitcoin to Gemini, it swiftly migrated to hacking the accounts of celebrities.
Just like with any form of cyber attack, education is key. It’s always better to prevent an attack than to react to one, for various financial, reputational and security based reasons. Here, if Twitter staff were better educated regarding phishing attacks, this particular incident could have been avoided. A suspicious link in an email designed to look like it came from a legitimate source within the organization shouldn’t be all it takes to disrupt an entire multi-million dollar corporation and some of its most high-profile users but in this case, it was.
Verified users on Twitter weren’t able to post or make account changes in the aftermath of the attack while Twitter handled the incident. Despite this handling, one question remains that nobody can know the answer to: these celebrities had their digital privacy violated, so have the hackers retained elements of their personal information, such as private messages from their accounts?
In another famous example, Instagram, owned by Facebook, suffered a huge data breach back in 2017 that also affected many high-profile users. Jennifer Lawrence was among those with their digital privacy invaded. The attackers were able to find personal contact details from phone numbers to email addresses which were then posted and sold on the dark web.
The hackers were able to access the data due to an API flaw within the Instagram app. Following the incident, Instagram released a patch to fix the problem and avoid further damage than what had already been done. This is a valuable lesson for any businesses out there. Even some of the most successful of social media apps have flaws in their software, so you could too. Regular updates and patches are critical to maintain the digital privacy of your organization and trusting users.
It can be worrying to realize that even the companies we trust the most to protect our data can leave us vulnerable to a breach. How can you protect yourself further on apps like Instagram?
Firstly, it helps to enable two-factor authentication. Although having a long, complex password is always important, this provides an extra barrier to your account in the unfortunate event of your password being breached. Even with two-factor authentication in place, you should still be changing your passwords regularly for best practice.
Beyond this, remember that reputable services and social media apps like Facebook, Twitter and Instagram won’t ever require your password via email. If this is what you’re being asked, it’s more than likely a scam to be ignored.
Finally, if you want utmost digital privacy on these platforms then you need to ensure you’re regularly updating your apps. As the 2017 Instagram hack taught us, they’re not immune to flaws that can be taken advantage of by malicious hackers. These flaws are constantly being ‘patched’, but we don’t get to reap the benefits of the patches unless we update the app.
In the previous year, celebrities Katy Perry, Drake and Kylie Jenner fell victim to data breaches that saw their Twitter accounts taken over. Strange tweets were being posted from their accounts to their millions of followers, ranging from racist messages to attempted communications with other celebrities.
Famous Music Album Leaks
You often hear about musicians being forced to release an album or song earlier than expected due to a leak. Just last year, Radiohead had eighteen hours of their music stolen by hackers who were demanding $150,000 for it not to be uploaded to the internet. Instead of giving the cyber criminals the money they wanted, Radiohead themselves released the tracks online for free. Celebrities such as Madonna, Kanye West, Rihanna, Beyonce and Jay Z have also had tracks stolen and released early by hackers.
Think of the albums or tracks in question here as sensitive data. Everything we create should be protected from the thieving acts of cyber criminals. Having their work published illegally by hackers, often incomplete and destroying any chance of financial gain, is an invasion of digital privacy with huge consequences.
We may have covered all things celebrity related here, but that doesn’t mean that us non-celebrities aren’t also at risk of the same threats to our digital privacy. Absolutely anyone with a device and an online presence should be aware of the potential threats and be taking the appropriate precautions to protect their privacy. Perhaps the examples won’t be as extreme when affecting the general public, but these celebrity cases act as a great reminder of the drastic social and economic damage data breaches can cause. It’s your right to protect your digital privacy, so taking the above precautions and learning from these famous incidents should help.