It has been four years since the first Fappening (it was also known as Celebgate in 2014) attack against celebrities, but it seems that 2018 will not be the year hackers stop doing their dirty work. Mikaela Hoover, an actress best known for playing Nova Prime’s assistant in Guardians of the Galaxy, has recently become the latest Fappening victim. Fappening has already affected more than 30 women, including Amanda Seyfried, Brie Larson, Christina Hendricks, Gabrielle Union, and Jennifer Lawrence. As for male celebrities, Dwyane Wade and Justin Verlander have become victims of the Fappening attack as well. Without a doubt, it is not a full list of victims, and it is very likely that it will expand even more in the near future since hackers involved in Fappening attacks are not going to stop trying to hack celebrities’ iCloud accounts anytime soon.
According to legal documents TMZ managed to obtain, up to 40 000 private photos and videos were stolen from Mikaela Hoover’s iCloud account. She is captured nude in some of these photos. In addition, 119 of those stolen private images were uploaded on the Fappening website and can be accessed by anyone, so it is not surprising that the actress has already contacted Lost Angeles Police Department and reported a cyber crime against her. Police have already traced a couple of IP addresses that, potentially, belong to hackers, but cyber criminals who have hacked the actress’ iCloud account have not been identified yet, so the investigation is still in progress.
Four hackers, including Ryan Collins, who is responsible for the initial leak of celebrities’ private pictures and videos back in 2014, and Edward Majerczyk, the man responsible for the second Fappening wave, were sent for trial, but, as the recent Mikaela Hoover’s case shows, their partners continue hacking iCloud accounts belonging to celebrities, so it is just a matter of time when photos and videos of other famous people are leaked to the public. Nobody can feel safe, but it does not mean that there is nothing that can be done to protect the private content.
Let’s get slightly more technical now. As mentioned several times throughout this report, hackers who perform Fappening attacks manage to access celebrities’ private pictures and videos by abusing Apple’s iCloud service. A security issue in the iCloud API used to allow for unlimited password guesses, so some hackers gained access to iCloud accounts belonging to famous people by simply using the method called brute-force guessing. As for more sophisticated hackers, they initiate phishing attacks so that they could easily break into iCloud accounts and then leak the personal information found there. It has been observed by researchers who have investigated Fappening attacks that the majority of hacked iCloud accounts had the automatic backup function enabled. To be more specific, the private information was obtained via the online storage used for backing up data from iOS devices. It seems that hackers might gain access to such accounts easier if compared to those with the function disabled. This feature can be disabled by users quite easily, but most people keep it enabled since it is active by default.
In most cases, hackers gain access to celebrities’ iCloud accounts using phishing attacks, specialists say. Wikipedia defines phishing as “the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.” For example, a phishing email masqueraded as the genuine message from Apple Security Department might be sent to potential Fappening victims in order to gain usernames and passwords of their iCloud accounts. If these details are entered, cyber criminals can log into these accounts and steal any personal information they find on them. It does not mean that users cannot do anything to protect their privacy. Security specialists say that users should always carefully inspect all emails they receive. Apple Security Department might send emails, but they will never contain typos or grammatical mistakes. In addition, specialists say that users should not click on links found in emails. Instead, the URL of the website they want to access should be entered manually in the web browser’s URL bar. Last but not least, it would be smart to have security software enabled on the device used.
- ‘Guardians of the Galaxy’ Actress Leaked Nude Pics Have Cops on the Hunt. TMZ
- Free Images. Pixabay
- Khandelwal, S. Fourth Fappening Hacker Admits to Stealing Celebrity Pics from iCloud Accounts. The Hacker News
- Kochetkova, K. How to Protect Yourself From Phishing: 10 Tips. Kaspersky Lab
- Murdock, J. What is the Fappening? A Guide to the Nude Photo Scandal that Shook the Celebrity World. International Business Times
- Phishing. Wikipedia
- Williams, J. New Fappening? Mikaela Hoover’s 119 Nude Pics Leaked on the Web, Police Investigate. Newsweek