Emma Watson, the actress, is taking legal action after private photographs of her were stolen in a suspected hacking attack. IT security experts from ESET, AlienVault and Comparitech.com commented below.
Mark James, Security Specialist at ESET:
“The news is quite sketchy currently regarding this new batch of leaked material. These photos could have come from anywhere – it may be a direct hack against one of the many cloud storage services we subscribe and upload to or it may simply be another case of password re-use obtained from the sheer volume of our private data being leaked, stolen and posted online. Many of these services were created a long time ago when password security was not on everyone’s lips. We don’t always check and change our passwords as often as we should and once all our data gets collated online, hackers will use all those credentials to gain access to other potential goldmines. When it comes to celebrities they only need a few hits from all those millions of leaked accounts to make it worthwhile.
“In an ideal world we would not have to worry about what and where we store our private information but sadly that’s not the case. It only takes a few minutes to check what digital services you subscribe to (both free and paid for) so have a look at where your data is going – if you have to store it online ensure that you’re using 2 Factor Authentication to protect it, and if your provider is not offering that level of protection then simply move to one that does. You don’t always have control over how your data is stored but you often do have control over how you protect it.”
Javvad Malik, Security Advocate at AlienVault:
“Today, many services are inter-connected to a degree that makes it difficult, if not impossible for users to know where exactly their data resides and who has access to it.
A photo taken on a mobile device can get synchronised to half a dozen cloud services, all of which will have varying degrees of access permissions. As we saw earlier this week from the Twitter Counter compromise, any third party app that has permissions to your device or cloud services could be compromised, bypassing security controls that a user may have in place.
It is therefore prudent that users:
- Are aware of which cloud services data gets automatically synchronised to, switching off those that are not needed.
- Regularly check which applications have been authorised to access their data and services. Revoking those which are no longer needed.
- Applying more stringent controls when dealing with sensitive data such as personal photographs.”
Lee Munson, Security Researcher for Security, Privacy Advice and Comparison Website at Comparitech.com:
“Given the fact that, contrary to early press reports, the leaked pictures of Emma Watson do not depict her naked in a bath and, instead, show her changing clothes, I suspect they have not come to light following any type of hack.
“Far more likely, in my opinion, these photos have been taken by a photographer, official or otherwise, who has now decided to publish them, possibly because Miss Watson has recently been in the media in relation to a Vanity Fair shoot that has put her firmly back into the spotlight again.
“Thus, I think any questions here are probably less to do with security and more to do with either privacy or, possibly, a contractual agreement that may have been broken should the photos have originally been authorised by her media team.”