Celebgate Hacker Used Simple Phishing Tactics

Celebgate was a hack heard—and seen—around the world in 2014, and this week the man who pled guilty to leaking hundreds of nude celebrity photos was sentenced to nine months in jail.

Studying this sensational hack offers a valuable lesson: how Edward Majerczyk, 29, from Chicago, gained access to the accounts of Jennifer Lawrence, Kirsten Dunst, Kate Upton and other celebrities to steal their nude photos.

In August 2014, as the hack grabbed major headlines, a major security weakness in Apple’s iCloud backup service was initially suspected. Instead, Majerczyk obtained the data by phishing the majority of his targets. That’s it. A simple email technique was used to trick numerous account holders out of their passwords and access data. If that failed, additional accounts were compromised using ‘brute force’ password entry techniques to guess likely combinations. In all, over 300 iCloud accounts were hacked.

You have undoubtedly seen a phishing email before. Most likely, one or more have landed in your Inbox. There could be one there today. It may claim to be from a bank, a package delivery firm or another legitimate business, but the embedded links do not lead to that business. Instead, a clicked link might take you to a site riddled with malware, or to a page that asks you to confirm your identity by providing your login credentials for a legitimate site.

Impulsive clicking can be disastrous. Just ask John Podesta, Hillary Clinton’s campaign manager, whose emails were hacked then leaked. That hack was linked to a simple phishing technique.

This is the reason why the theft of your email address matters so much and the reason that ID Watchdog monitors your email address to alert you when it’s leaked. A single stolen email can lead to bigger abuses. We strongly suggest never clicking on links in emails you weren’t expecting—even if they’re from a business with which you have a relationship.

Being on guard is the only real defense. Take this phishing test to determine if you can consistently spot the fraudulent emails. If you work in an office, challenge your co-workers. There are sites like knowbe4.com that will test your workforce.

Even with a high score on phishing tests, don’t get arrogant. It only takes one mistake to open your data to the world. Never click on links sent in emails—especially those shortened by a service like bitly.com. These compressed URLs can be impossible to track to their ultimate destination. It’s far better to navigate to any sites you wish to visit on your own.

It’s easy to get baited. It’s up to you to not bite the hook. Phishy emails can create more headaches than you’d imagine.
