Sophos Cloud Optix
The forces of extortionist scumbaggery have had the rug pulled out from them yet again: last week, it was Radiohead, releasing 18 hours of music rather than pay up to whoever hacked it away.
This week, it’s American actress Bella Thorne. Her approach: Oh, so you’re threatening to publish nude pics you hacked out of my accounts? Too late – I did it myself.
Thorne posted the images to Twitter on Saturday. She said in the tweet, which included screenshots of text messages with the alleged hacker, that “all of her s**t” got hacked on Friday. Then, she had to put up with 24 hours of threats “with my own nudes.”
I feel gross. I feel watched, I feel someone has taken something from me that I only wanted one special person to see.
Oh, and by the way, the FBI will be at your door shortly, she also said.
By Sunday, Thorne was still angry and hurt, but feeling a bit more compassionate toward whatever nimrod tried to blackmail her. In an interview with Hollywood Reporter, she said that she thinks whoever hacked her is a kid – somebody who made a bad choice and shouldn’t have his life ruined because of it:
This kid sounds like he’s 17, as much as I’m so angry and wanted to [f**k] him up over doing this to people I just wanted to teach him a lesson,. He’s still a kid and we make mistakes, this mistake is a bad one. But I don’t want some 17-year-old’s whole life ruined because he wasn’t thinking straight and [was] being a dumbass.
“If she hadn’t taken them in the first place…”
Yadda, yadda, yadda. We hear it all the time: If she hadn’t taken explicit photos of herself in the first place, there wouldn’t have been anything to hack away and hold over her head in an extortion attempt. That’s always been blame-the-victim thinking, like saying that people who own sexy sexy Bitcoin are just asking to be e-groped, or that people who have the audacity to swipe their cards in ATMs are calling out a come-hither to card skimmers.
The growing sophistication of deepfakes should put a nail in that argument’s coffin. Nowadays, with artificial intelligence- (AI-) generated porn – or strangely well-connected and gorgeous LinkedIn figments of your imagination, for that matter – you don’t actually have to take explicit photos of yourself to be featured in one.
Be that as it may, what’s more important than playing the blame game is good security hygiene. While we applaud Ms. Thorne’s refusal to play into this hacker’s hands, we hope that she’s managed to figure out how she fell into those hands to begin with.
A few, basic security musts
Maybe her login credentials were phished away? If so, has she since learned how to tell the difference between phish and legit?
Another basic security step is to take advantage of multifactor authentication (MFA) – what’s also known as two-factor authentication (2FA) or two-step verification (2SV) – wherever it’s offered. It ensures that even if a hacker gets his hands on your login credentials, he also has to jump the hurdle of providing another form of authentication to get into your account – like, say, a one-time code.
Or has she been reusing passwords? If so, somebody please advise Bella to stop. Password reuse is truly an atrocious idea.
Picking a proper password is one thing, and we’ve got a short, sweet video below that shows you how to do it. Remembering all your unique, strong passwords is another thing entirely. For that, we’re big believers in password managers that can handle the remembering for you.
Come to think of it, those password managers can also handle the unique password generation piece of the puzzle. But for those of us who still aren’t convinced that they want to go that route, here’s a video that walks you through making up your own strong passwords – at least 12 characters long, that mix letters, numbers and special characters.
Maybe advice such as “don’t store your [explicit] snaps in the cloud” is worth adding?
Yes, although it’s difficult advice to communicate effectively.
If you want to guarantee that your photos cannot be hacked from the cloud then the only way to be 100% sure is to not store them there, and to ensure that nobody else does either. However, if your photos are hacked from the cloud it isn’t your fault for having them hacked any more than it’s your fault for being mugged if you walk through a rough area of town.
Sure, but it’s not about blame, it’s about risk – as in, eliminating it 🙂
Email has been a major vector for these attacks (and many other varieties) for a long while. It seems like more could be done to address that than the major providers and clients are doing to date. As with anything security related, it’s a delicate balance between convenience and protection, but it still feels like we could make more strides toward safer email.
I propose that we call preemptively publishing stolen material to thwart extortion “doing a Radiohead”.
While releasing personal material may be painful, it also hurts the thief by destroying his power to extort, or worse to extort and publish anyway.
I have pursued a fifth option:
Be broke so nobody wants my account access. Ruin my own credit so nobody can take out a credit line under my name. Make sure I’m so ugly nobody wants to see my nudes, and don’t have any friends so even if someone gets my nudes, I won’t be embarrassed if they’re exposed.
You’re welcome.
Idea rejected: see rule 34 of the internet.
Part of the problem is that ecosystems like the Apple iPhone/iCloud and Android/Google Photos aggressively wants to slurps up all your personal photos for their AI analysis….but also provides a centralized cloud repository that is ripe for hacks. Any body remember the fappening hacks part one and two and three????
Ok, but where are the pictures?
“Thorne posted the images to Twitter on Saturday.”
The pictures are on her Twitter account.
To save you the trouble, her chest looks similar to all the other Z-list celebs who take their clothes of for publicly.
I am in agreement with 0laf T. Hairy, I don’t think there was a real hack and this is probably a publicity stunt, though kudos to her for spinning it as a cyber-security news story, and getting herself written about outside the usual show biz news outlets.
The problem is most of these users have no knowledge of technology and don’t know when they are storing pictures locally or in the cloud as it has become “seemless” and you have to override set presets in some cases not to store in the cloud. Both Microsoft and Apple love to default their computers and phones to store in the cloud, and their OSs make many attempts for a user to connect to it. I have to override it constantly to not store in the cloud.
I can only imagine this is going to get worse as young professionals get more enamored with their phones and other electronic devices. Only those who are cautious or those who don’t take those kind of pictures are going to avoid the shame that will come.
My Dumb ass Ex girlfriend sent me nude pics, them my computer gets hacked and her pictures ended up all over the internet and now the little **** is suing me in court over it !
is her name Bella?
So you’re saying someone did something common and reasonable with their image, and you failed to properly delete that image when you should have, and failed to properly secure it.
So you’re upset that they are then suing you because?
Maybe I’m cynical but she makes a significant living by posting ‘edgy/racy’ snaps of herself. Being ‘hacked’ into publishing ‘nudes’ gets her a nice fistfull of extra publicity probably much more than if she had just published them herself.
Bella Thorne is many things but essentially I don’t think that is the case here. I am sure some “stars” do as you say but the stuff she does is pretty clean in regards to that (movies, singing, etc.). Also, she is pretty high demand so I don’t think that is necessarily her need here.