How Did 50 Female Celebrities Get Hacked?
Jessica Alba and Scarlett Johansson reportedly had nude photos, videos stolen.
March 18, 2011 — -- FBI agents are reportedly closing in on a ring of hackers thought to be responsible for stealing nude photos and videos from at least 50 female celebrities.
According to TMZ.com, the ring broke into the accounts of stars' cell phones and other computerized devices to obtain the compromising photos and videos. Among the celebrities reportedly hacked: Jessica Alba, Selena Gomez, Demi Lovato, Christina Aguilera, Vanessa Hudgens, Scarlett Johansson, Ali Larter, and Miley Cyrus.
TMZ reported that Hudgens met with FBI agents on Thursday to discuss the hacking of her Gmail account. The FBI declined ABCNews.com's requests for comment; representatives for Hudgens did not immediately respond.
One report suggested that Alexa Nikolas, an actress on the now-canceled Nickelodeon TV series "Zoey 101," is responsible for leaking one of the personal photos, a shot of her kissing Hudgens. Nikolas' lawyer, Neil Meyer, not only refuted that report, he said he and Nikolas are cooperating with the FBI to track down whoever obtained and shared the photo of her and Hudgens, which was taken when Nikolas was 14-years-old. (She is now 18).
"For some anonymous blog to say that she was the one who leaked this, it's like making her a victim twice," Meyer told ABCNews.com.
Some blogs have connected the purported hacking ring to Josh Holly, whose Tennessee home was raided by the FBI in 2008 after they connected the then-19-year-old hacker to provocative photos of Cyrus. Before his personal computer was seized, Holly bragged about his celebrity hacking skills in online forums and on blogs. (Holly was not charged in connection with the 2008 incident, but was arrested in January on unrelated charges involving hacked credit card numbers.)
How could dozens of celebrities have made themselves vulnerable to hackers? Pretty easily, actually.
"A lot of the necessary information is not very difficult to obtain," said Beth Jones, a senior threat researcher at the Internet security company Sophos. "With Twitter or with celebrities' personal websites, you can figure out what their e-mail accounts are, especially Web-based e-mail accounts."
"From there, you can go to 'forgot my password,'" Jones said. "Unfortunately, a lot of people use very easy-to-guess security questions, like their mother's maiden name or their pet's name -- all of that is easy to find with a Google search."
When it comes to phones, hackers don't need the device itself to break into its information bank.
"A lot of times, people don't change the PIN [personal identification number] on their phone, it's the default," Jones said. "It's the way of locking your phone down so no one can access it. But if the hacker has your cell phone number, they can go to the 'my account' function on your phone's website and try accessing your texts and information by putting in the default PIN."
Often, the star in question won't know their phone or e-mail has been hacked until the formerly-private photos end up spread all over the Internet.
"There's not going to be any trace of the hacker being in there," Jones said. "All they're doing is copying information down and exiting out."
And, when it comes to selling and distributing the photos, they cover their tracks.
"Hackers will use things like torrents or they'll blur out where they are, so it can't necessarily be traced back," Jones said. "Or they'll put up a photo on an anonymous site and it'll spread from there."
How can Hollywood players (and everyone else) protect themselves?
"Make sure that you're using a hard-to-guess, non-dictionary word for the password, and don't use that same password elsewhere," Jones advised. "Definitely try to use some better secret questions for your security that aren't things that can be easily Googled or guessed."
Jones offered another suggestion:
"I hate to point out the obvious, but not taking nude photos on your phone is your first line of defense. Remember Polaroids?"