Jennifer Lawrence nude photo leak 'should not worry' average cloud user - expert
The reported hacking of Jennifer Lawrence's iCloud and the publication of nude photographs should not worry the average cloud user, an expert has said.
The representative for the Irish Center for Cloud Commuting and Commerce (IC4) emphasised the importance of user diligence.
Speaking to Independent.ie, Brian Lee said "Without knowing the details of this case, most attacks like this come back to lack of security by the user. Weak passwords can easily be broken by 'brute force' methods - a computer will be set to try all combinations."
"Most of the top-level Cloud service providers offer automatic encryption on upload to the cloud. Even today, it would be almost impossible to break encryption."
A way to safeguard your data is to ensure you have a strong password - mixing upper and lower-case letters, numbers and special characters. Lee advises against using place names, real names or anything related to you that could be guessed or researched.
"There could turn out to be a Heartbleed-like weakness at play, but the most likely scenario involves an element of social engineering."
"Social engineering, sometimes known as 'phishing', involves getting access to passwords by tricking the user, often through email or similar".
Two-step verification, like that offered by Google, is a good way to protect your online security. Two-step verification involves a password followed by a code request, which is texted to a pre-linked mobile phone.
However, while data in the Cloud should be safe, users should be aware of how data is stored or protected on all of their devices.
"If your data is also stored locally, it is not encrypted. Someone could gain access this even if the same information is locked down on the Cloud."
Average users should be more careful around credit card and financial details - those would yield a higher return on investment for hackers.
"These kind of attacks are cleverly crafted, well engineered and take effort and ingenuity. They are sophisticated and can takes months to put together."
"There have been one or two cases involving insider attacks on large companies - where a group gains access through an insider. However this is rare - it's much more likely to have been related to user error".
Overall, users should be careful when deleting data to ensure the data is removed in all of it's forms - including any backups.
"When you delete it, it might not be deleted if the backup is not deleted".
"If data is fully deleted on the Cloud, it should be irretrievable."