A hacker has gained access to Adele’s personal photos and released them, including a pregnancy scan of her son. The hacker reportedly accessed the photos through her partner’s email. Here to comment on this news are security experts from Lieberman Software, ESET, AlienVault, MIRACL and Tripwire.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
“What’s interesting about this breach of Adele’s privacy is how closely it follows the pattern typical of corporate breaches. They suspect the attacker gained access through a poorly secured partner’s access. The breach itself was discovered by a third party and reported to the unsuspecting victim. These details closely mirror many corporate breaches and Target in particular, breached through their business partner and told by a third party.”
Mark James, Security Specialist at ESET:
“Being famous is as much of a choice as being a mechanic, but even the famous deserve privacy. Apparently Adele’s partner Simon Konecki has had his email account accessed and a selection of very private photos have been stolen and released without permission. It’s likely the account was compromised either through a phishing attack or insecure password.
Email scams are very rife at present and you need to be extra careful when following any link you receive in an email. Make sure you have good regular updating internet security software installed, keep your operating system and applications patched and updated and be very mindful of free Wi-Fi points that are not secure. If possible, try to use a third level of protection like 2 Factor Authentication (2FA). Take extra care to ensure you use good passwords for email, web logins or indeed any account that requires a username and password. You may want to consider a password manager to make your passwords super strong; that way you don’t have to remember them yourself to ensure they are a good length (12 or more), do not contain dictionary words or common names that could be associated with you and ideally have upper and lowercase letters, numbers and special symbols or characters.”
Richard Kirk, SVP at AlienVault:
“It is unfortunate that Adele’s private life has been targeted and this is a reminder to anyone who uses email to ensure that they adopt a secure password policy. It is not clear exactly what happened and it is also unlikely that a hacker was expecting to make much money out of revealing Adele’s private photos, however it is distressing for anyone who protects and values their private life. And this does not just mean celebrities. It is worth remembering that our email accounts often contain an elaborate and detailed history of our lives, some of which may have real value to hackers. For example, it is very common for people to send each other financial information such as bank accounts, PayPal details, and even worse, account ids and passwords. The following top 5 tips are worth remembering:
1) Never use a password that contains personal information that could easily be guessed. For example, the name of family members or pets along with special dates such as birthdays and anniversaries.
2) Use a password generator that creates a password that cannot easily be guessed or cracked. Some web browsers will provide this facility as will password managers.
3) Consider using a password manager as this will remove the temptation to use a password that can be remembered, which usually means it is not secure.
4) If your email system offers 2-factor authentication, seriously consider using it.
5) Finally, never share your password with anyone, and never send it in a message, such as email, SMS, WhatsApp, etc.”
Brian Spector, CEO of MIRACL:
“Although this is a horrible invasion of Adele’s privacy, maybe it will at least raise awareness to the general public about the vulnerability of all our digital data. All we know so far is that the intruder gained access through her partner’s email, so the likely culprits here are either a password hack or a phishing scam.
All users, celebrities or not, need to be aware of the value of their personal data on the web, and take steps to protect it. Choosing complex passwords and avoiding using the same password for multiple sites is helpful, but it’s hardly user-friendly. The underlying issue is that the username and password system is old technology that simply cannot secure the deep information and private services that we all store and access online today. Ultimately online services need to protect their users more effectively by replacing the password with a more secure and usable solution.”
Tim Erlin, Director, Security and IT Risk Strategist at Tripwire:
“This isn’t the first time we’ve seen celebrity photos as the target of a cyber attack, and it likely won’t be the last.
With the way that devices and services are interconnected today, it can be difficult to understand which data is shared with others or with third parties. Anytime data, including photos, leaves your device, it’s put at greater risk.
When you share data with others, whether via an app or email, you’re implicitly putting trust in their security. Even if you’ve chosen a strong password and kept it secret, that other person may not have been so diligent.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.