The theft of hundreds of private photos belonging to well-known celebrities - including naked pictures of The Hunger Games star Jennifer Lawrence - has left Apple facing searching questions about the security of its iCloud service.

The Apple cloud storage system - which automatically backs up documents and images stored on people's iPhone and iPad devices - was broken into by hackers, who then shared the private images of celebrities that they stole on notorious messaging board 4Chan. The photos went viral, with reports of the image thefts being spread via social media and the wider web.

But while the teenage boys of Reddit clamoured to gawp at photos of naked celebrity women, the real issue here is arguably this question: are people too quick to trust the security of cloud storage services like iCloud? After all, this episode might not involve sensitive corporate data, but it still represents a massive data breach for those who've had their private photos exposed.

"It is a stark reminder of the potential consequences of having sensitive material lying around in the cloud," said Chris Boyd, malware intelligence analyst at Malwarebytes, who pointed out that individuals may not be aware that their smartphones are automatically backing up their files to a cloud server.

"With today's devices being very keen to push data to their own respective cloud services, people should be careful that sensitive media isn't automatically uploaded to the web, or other paired devices," he said, going on to warn that these services might also be keeping hold of deleted files, too.

"People should also investigate the deletion procedures for online storage. Many services enable you to 'undo' deletions, which could cause problems in certain situations."

Eduard Meelhuysen, EMEA vice president of Netskope, told Computing that while many organisations don't allow the official use of applications like Apple's iCloud, the popularity of the iPhone means that it's always possible that employees are using it to store corporate data.

"Even if you don't think your organisation is using iCloud, your employees undoubtedly are. Apps like iCloud, which are predominantly aimed at consumers, are such an essential part of users' lives that blocking their use within a business environment isn't really an option," he said, adding that the iCloud breach means "questions around security need to be addressed".

That, Meelhuysen argued, means teaching employees about the risks of uploading files - whether corporate or personal - into the cloud.

"Rather than block iCloud, or any app for that matter, organisations should try to shape usage by stopping risky behaviours, such as the upload of personal identifiable information or the sharing of sensitive content outside of the company. That way you can mitigate risk while enabling the use of cloud in your business," he said.

Originally posted here:

iCloud celebrity photo hack: Are we too quick to trust cloud storage?