Here's How Your Favorite Celebrities Got Hacked
For one, cyber attacks aren’t limited to the rich and famous.
You may think an account takeover or the release of private photos could never happen to you. But the same scams, frauds, and hacks used to target the private data of high-profile celebrities are used against regular people like you and me every single day.
So what can we learn from the worst celebrity hacking cases of the past decade?
Let's take a look at which celebrities have been hacked and how they could have protected themselves.
CelebGate: One of the Worst Celebrity Hacks of All Time
CelebGate (also called “The Fappening”) was one of the worst celebrity hackings in recent history.
Using a coordinated attack, cybercriminals stole and leaked over 500 compromising photos from nearly 100 famous young women between 2014 and 2017.
The list of film and pop stars affected by this hacking scandal (and others like it) includes:
- Amanda Seyfried
- Amber Heard
- Analeigh Tipton
- Ariana Grande
- Ariel Winter
- Ashley Greene
- Avril Lavigne
- Blake Lively
- Cara Delevingne
- Christina Hendricks
- Dakota Johnson
- Demi Lovato
- Emma Watson
- Heather Morris
- Hope Solo
- Jennifer Lawrence
- Jessica Alba
- Jill Scott
- Julianne Hough
- Kaley Cuoco
- Kate Hudson
- Kate Upton
- Katharine McPhee
- Katie Cassidy
- Kirsten Dunst
- Kristen Stewart
- Kylie Jenner
- Lea Michele
- Leslie Jones
- Lindsey Vonn
- Mary-Kate Olsen
- McKayla Maroney (including nude photos taken when she was underage)
- Mila Kunis
- Miley Cyrus (including nude photos taken when she was underage)
- Nicole Scherzinger
- Olivia Munn
- Rosario Dawson
- Sarah Hyland
- Scarlett Johansson
- Selena Gomez
- Sofia Vergara
- Stella Maxwell
- Tiger Woods
- Vanessa Hudgens
- Victoria Justice
So how did the "Fappening" happen?
Hackers Breached iCloud, Apple’s Cloud Storage Service
With the majority of celebrities using iPhones and other Apple devices, hackers went looking for vulnerabilities in Apple's cloud storage system.
What they found was that iPhones, iPads, and laptops automatically backup photos and videos to their users' iCloud accounts. To access those accounts requires an Apple ID and password.
So how did hackers discover these celebrities' passwords? They didn't.
Instead, hackers found a vulnerability in the "Find my iPhone" app that allowed them to find a celebrity's Apple ID. Once they discovered their ID (typically an email address), they sent phishing emails pretending to be from Apple or Google security.
These scam emails look just like real ones (even using the same visual style and similar email addresses). Inside, hackers tell you your account has been compromised and that you'll need to "verify" your identity by providing your username and password–essentially handing them over.
Other celebrity fraudsters tried what is known as a “Brute Force” hacking attack.
With a Brute Force attack, hackers use software programmed with a dictionary of common password combinations (for example, password123). In a matter of milliseconds, the software makes repeated attempts to “guess” the right password combination.
Once the cybercriminals got into the celebrity iCloud accounts, they had access to each individual’s pics, contacts (including phone numbers and addresses), text messages, emails, and other sensitive data.
The hackers initially traded nude photos of famous people for Bitcoin. However, the leaked photos soon started circulating on various social media channels.
How To Safeguard Your Apple ID from Getting Hacked
Back then, Apple didn’t block accounts where repeated login attempts were made, so the malicious software would continue to strike until the hackers gained access. Now, Apple locks your accounts for a certain period of time if too many failed password attempts are made.
However, this type of attack could still happen to any of iCloud’s 850 million users.
Personally, I know just how quickly your Apple ID can get compromised. When my iPhone was stolen during a vacation, the thieves were able to bypass my two-factor authentication (2FA) using the verification codes sent via SMS. They quickly changed my passwords and locked me out of my own email, iCloud, and even banking accounts.
Luckily, I didn’t have any compromising photos on my phone. But it just shows how easily fraudsters can bypass your security measures, if you’re not careful.
For this reason, you may want to disable the automatic iCloud backup feature (here’s a guide on how to do that) if you have any photos or videos you’d rather keep private. And you should always:
- Create strong, complicated passphrases (not passwords). If your password is in the dictionary, a Brute Force attack may unlock your account in seconds. Strong passphrases include a random 16-character string of upper and lower case letters, numbers, and symbols that’s much harder to predict or crack.
- Use two-factor authentication (2FA) or better, an authenticator app. 2FA requires another form of authorization (such as a text message sent to your phone) to log in to your accounts. However, text messages can be compromised if a hacker has access to your phone. Instead, an authenticator app like Google or MIcrosoft Authenticator is a much more secure choice.
- Make sure you're using a secure Wi-Fi connection. Public Wi-Fi networks are convenient, but they allow hackers to use man-in-the-middle attacks (MITM) to eavesdrop and get access to your sensitive information. A virtual private network (VPN) can ensure your browsing is secure and private.
The North Korea Sony Hack
One of the earliest celebrity hacks happened to Sony Pictures Entertainment in 2014.
After producing a satirical movie about Kim Jong-un called The Interview, a North Korean hacking collective known as the Guardians of Peace breached the Sony studio servers.
During the security breach, cybercriminals stole and leaked employee addresses, telephone numbers, company contracts, movie salaries, and five films the studio had yet to release. They also released malware that erased Sony’s entire computer system.
However, the most curious aspect of the hack came when the Guardians of Peace exposed the aliases celebrities use to protect their privacy.
The public learned that:
- Tom Hanks introduces himself as Harry Lauder or Johnny Madrid.
- Natalie Portman goes by the name Laura Brown.
- Daniel Craig uses the alias Olwen Williams.
- Clive Owen is also known as Robert Fenton.
- Jessica Alba appears as Cash Money.
- Sarah Michelle Gellar calls herself Neely O’Hara.
Sony emails sent between high-level employees also revealed racist comments about President Barack Obama, derogatory words about Kevin Hart, and other embarrassing dirt the studio would have rather kept private.
The News Of The World Scandal
The News of The World was a British tabloid infamously known for its salacious headlines and celebrity gossip.
Where did this insider information come from? Apparently, it came from hacking the phones of multiple celebrities.
Actor Hugh Grant filed over 170 phone hacking complaints against the tabloid. Sienna Miller and Jude Law were also victims.
The tabloid even reportedly hacked the phone of Kate Middleton, the Duchess of Cambridge, more than 150 times! They also hacked Prince William’s phone 35 times and Prince Harry’s phone nearly ten times.
Even Mark Zuckerberg and Other Tech CEOs Got Hacked
You’d think the creator and CEO of Facebook would be savvy about passwords and cybersecurity. But Mark Zuckerberg was hacked by the cybercriminal collective known as OurMine.
The hackers learned Zuckerberg used the same password — “dadada” — for both his Twitter and Pinterest accounts. This same hacker group previously stole 117 million LinkedIn passwords. Security experts believe that’s where they found Zuckerberg’s credentials.
After targeting Zuckerberg, OurMine went after Evan Williams, the co-founder of Twitter. Once they guessed Williams’ Foursquare account password, they successfully used it to unlock his Twitter account.
And Brendan Iribe, the CEO and co-founder of Oculus VR (virtual reality), had his Twitter account hijacked after hackers discovered he hadn’t changed his passwords in over four years.
Lesson to learn: Never reuse passwords for different accounts, and update your passwords regularly.
The Grubman Shire Meiselas & Sacks Law Firm Hack
New York law firm Grubman Shire Meiselas & Sacks was attacked by the REvil hacking group in 2020. The data breach exposed 756 gigabytes of private information and legal actions related to these celebs:
- Robert DeNiro
- Elton John
- LeBron James
- Lady Gaga
- Mariah Carey
- Bruce Springsteen
- Nicki Minaj
Since the breach, the hackers have demanded $21 million in ransom, which the law firm refuses to pay. So the cybercriminals have been slowly auctioning off confidential information for cryptocurrency.
The Bitcoin Twitter Highjacking of Obama, Kanye, and More
During July of 2020, a massive cyberattack targeted and hijacked 130 celebrity Twitter accounts. Once they got access to their Twitter accounts, the hackers sent out tweets such as, “If you send me $1,000 in Bitcoin, I’ll send you $2,000.”
Unsuspecting followers clicked the links in the tweets and made the transactions, but never received any money. It’s estimated that the cybercriminals made off with more than $100,000 in stolen Bitcoin.
The hacked celebrity accounts included:
- Barack Obama
- Joe Biden
- Bill Gates
- Jeff Bezos
- Elon Musk
- Kim Kardashian
- Kanye West
- Warren Buffett
The accounts of Apple and Uber were also attacked and hijacked.
Twitter highjacking is a common scam. Outside of the cryptocurrency hack, many other celebrities have experienced embarrassing Twitter account takeovers, including:
- Lady Gaga
- Katy Perry
- Britney Spears
- Ashton Kutcher
- Wilmer Valderamma
- Bella Thorne
- Axl Rose
- Niall Horan
Former president Donald Trump was also a victim of Twitter hacking when cybercriminals learned his facepalm-worthy password: MAGA2020!
Don't Make the Same Security Mistakes as These Celebrities
Just because these hacking cases happened to celebrities doesn’t mean they can’t happen to you or someone in your family. Luckily, in most cases, these embarrassing situations are entirely preventable.
Basic security mistakes like reusing weak passwords and falling for phishing scams are all it takes to destroy your reputation.
So what would happen if cybercriminals gained access to your iCloud photos, sensitive emails, or social media accounts?
Besides violating your privacy and creating a deep sense of fear and distrust, hackers could steal your identity which could potentially lead to financial ruin. They could also release your private material to everyone you know unless you pay their ransom.
Hackers are getting more aggressive, but we’re getting much wiser about data protection.
Aura's security tools are designed to let you browse safer and know your sensitive and personal data is safe from hackers.