Storing sensitive data in the cloud has always been questionable. Over the weekend we learned just how “sensitive” that data can be. Just in case you were on vacation, unplugged from technology, and haven’t heard the news, reportedly dozens of celebrities had their iCloud accounts hacked and nude photos stolen and posted publicly on the Internet.
While some may celebrate this as a triumph, it’s really a horrifying violation of privacy. How would you feel if the leaked images were of your spouse, your child, or your parent?
Basically, what’s being reported is that some “celebrities” used Apple’s iCloud to automatically back up their pictures. Although Apple was allegedly made aware of a “brute force” bug in their iCloud service months ago, the company apparently did nothing – or didn’t take action fast enough. Services with this type of bug allow an attacker to send repeated username/password combinations to the service until finally a match is made and access is granted. This is one reason why very long passwords are so important (the longer the better).
Unless you’re using something like SpiderOak’s “Zero-Knowledge” cloud storage, your data is only protected behind a simple username and password. As we’ve seen in the past, this simply isn’t enough. Currently, the only way to keep your important information from being leaked (either publicly or to the legal system) is simply not to store it there in the first place. This, of course, isn’t practical for some types of data, but for others, it’s vital!
Even still, there are three things you should never store in the cloud!
Intimate images
This is what the news is running away with: intimate pictures. Most people immediately think of pictures showing too much skin, or intimate activities. While those types of images should never be stored in the cloud for obvious reasons, there’s another type of “intimate image” that might not have crossed your mind.
Birth Certificates, Marriage Licenses, Death Certificates, Driver’s Licenses, Passports, Social Security Cards, and any form of photo identification should be considered “intimate” and NOT stored in the cloud.
Sure, it’s embarrassing and potentially damaging to store images with nudity in the cloud, but this other type of “image” can be even more harmful – and long-lasting. Identity theft is a huge business and we’re already making it far too easy for the people involved in that trade to steal our information. Let’s not make it any easier for them!
Passwords
Usernames and passwords are the virtual keys that unlock our digital lives.
If you’re like me, you don’t use the same password for any two accounts. Keeping track of all those passwords can be exhausting! Some people use Post-It Notes hidden under their keyboards (or plastered around their monitor), others use a spreadsheet, and some keep a notebook with credentials for every single site they’ve ever signed up for sitting in their desk drawer, ripe for the plucking.
Notebooks and sticky notes are probably bad ideas, but they’re much more secure than storing a document in the cloud! Think about it: to steal your logins that you’ve got stored in a notepad, an attacker would have to have physical access to your desk (in some cases that’s a real threat); when you keep your credentials in a document that you store online, all someone has to do is break into one of your accounts (your cloud storage account) and they’ll have hit the jackpot – access to all your other accounts.
Account numbers
Lastly, don’t store account numbers in the cloud. This includes, but is in no way limited to, your bank account, your retirement account, your Health Spending Account, your credit card number, patient account numbers, and even your student ID.
Why? An attacker probably already knows your name, so giving them access to your account numbers is simply providing them with one more piece of private information, basically leaving your password as the only line of defense against their attack.
I’m somewhat confident in the passwords that I’ve selected (and change often). How confident are you with your passwords? That’s what I thought. Let’s make it as difficult as possible for the bad guys to steal our private information. Who’s with me?!