Over the last week, there’s been a lot of media attention about leaked photos of celebrities that were allegedly stolen from iCloud or other online services. That’s worry for those of us who store their own documents and photos online, especially if our phones are set up to automatically sync with cloud services.
So, naturally, what you want to know is this: “Are files on the cloud safe?” Let’s assess the risks.
If you’re not a celebrity, you don’t have much to worry about.
From what we can tell, the leaked photos came via a group who spent literally years stalking celebrities and trying to find pictures. They traded the pictures among themselves in secret, until one member decided to release them all last week. It took them countless hours of dedicated hacking to get into each account. It was only worth it because they knew there was real value in doing so.
We don’t want to puncture your ego, but honestly, hackers are more interested in finding nudes of Jennifer Lawrence than of you.
If you use a strong password, you don’t have much to worry about.
Most of the hacks, it appears, ended up using very simple methodology. Find out or guess the username or email address, and then guess the password or find it by brute force. Most of us prefer to have an obvious username or email address, because it’s easier for everyone, so those are often easy to guess. On many services, my username is some variant of mattkelland, matt.kelland, mkelland, m.kelland, or so on, sometimes with a number on the end. That gives hackers a fairly limited number of options to try: maybe a few thousand, but a hacking program can blast through that pretty fast. I could make myself safer by deciding to be FlamingCarrot or something, but I grew out of that a long time ago. So let’s assume your username is compromised, and not worry about it.
However, if you have a good enough password, brute force attacks or guessing just won’t work. As we mentioned last week, the longer your password, the stronger it is. Don’t be fooled into thinking that just using some combination of upper and lower case letters, numbers and punctuation is good enough, or just changing S’s to 5’s or O’s to 0’s. Gr0uper7 is not as secure as FishyMonsterBubbleTooth. And whatever you do, don’t pick one of the common ones. If you choose password or password1 as your password, then you might as well not have a password at all.
If you use two-step verification, you don’t have much to worry about.
One of the biggest shocks about digital theft is that you can’t tell that anything’s been taken. It’s not like a physical theft where the item is gone. Two-step verification provides an extra level of security. If someone tries to access your data from a strange device, or make a major change to your settings, you’ll get a notification to confirm it, either sent to your email or to your phone. It can be a pain when you’re trying to do something legitimately, but it’s excellent security. If you have two-sept verification enabled, a hacker can’t break into your cloud services without also having access to your phone.
So if it’s available, use it.
You’re more likely to lose files saved on your phone than files on the cloud.
Around a third of us have absolutely no security on our phones or tablets, not even a PIN or gesture. If your mobile device is lost or stolen, then anyone who gets hold of it will have access to every single thing on there – photos, emails, access to your bank or social media, or anything else you have on there. Over 5 million phones are lost or stolen every year in the US – that’s nearly 2 million people whose private data is completely open. In other words, your photos are far more vulnerable to a thief who steals your phone, than to a hacker trying to steal them off the cloud.
Secure your phone, and back up your files to your computer or an online service.
Your files are safer on the cloud than they are on your home computer.
Files on your home computer are vulnerable in many ways. The most common problem is simple hardware failure. If your computer dies, you lose your data unless it’s backed up to an external drive. We see this every week: frequently we can recover the data, but too often your precious pictures and documents are gone.
Viruses and malware are another risk. They could open up your computer in all sorts of ways without your knowledge. Viruses affect millions of people every year who find that their personal data has been compromised.
You could also lose everything if your home is broken into, or in the event of fire or flood. Those may be comparatively rare events, but there are still around 300,000 fires each year, and 2,000,000 burglaries, affecting around 1% of households. As above, that’s a far greater risk than having your cloud services hacked.
Not only that, but your data is probably better encrypted on the cloud. It is possible for hackers to break into the servers and steal random files if they can get hold of a master password, but that won’t do them any good. Most cloud services use heavy encryption on the majority of potentially sensitive files, so they’re only readable by someone who already has your account details. If hackers get hold of your home computer, they’re unlikely to be encrypted, so hackers can read them as soon as they get hold of your machine.
In other words, don’t rush to delete your cloud services. Take elementary precautions, and your private photos and other files are as safe as they can be. Yes, there is a risk, but it’s very, very small. So don’t worry.