One thing that celebrities have in common with ordinary people is that they are also susceptible to cybersecurity breaches. Many public figures have had their private and public tech accounts hacked over the years and these attacks have often been due to simply having weak passwords that were easy for bad actors to discover.
Socialites, actors, politicians, and even prominent tech figures are guilty of lazy password practices and have been victims of cybercrime that compromised their passwords.
President Donald Trump
In 2018, a Dutch hacker gained access to former President Donald Trump’s Twitter account simply by guessing the password, yourefired, which was his catchphrase on his reality show, The Apprentice.
In 2020, the same hacker was able to infiltrate Trump’s Twitter account again by guessing the password once more: maga2020!, another slogan of his.
The lesson here? One, keep your catchphrases to yourself. Two, don’t use the current year or an exclamation point at the end of your password. They may satisfy password generators, but they are the most obvious and commonly used special characters.
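The lesson above, written as a check a sign-up form could run. This is an added example, not code from the original article; the reason names, the length and variety thresholds, and the rule for when a trailing year counts against a password are assumptions.

```python
import re

# Constructed sample: terms publicly tied to an account owner (catchphrases,
# slogans, pet names). These three are the ones named in this article.
CONTEXT_WORDS = ("yourefired", "maga", "tinkerbell")

MIN_LENGTH = 8      # assumption, not a figure from the article
MIN_DISTINCT = 5    # assumption: fewer distinct characters means a repetitive password

# A year with optional punctuation after it, or bare punctuation, at the very end.
PREDICTABLE_SUFFIX = re.compile(r"((19|20)\d{2}[^\w\s]*|[^\w\s]+)$")


def letters_only(password: str) -> str:
    """Lower-case and drop everything except letters, so 'MAGA2020!' -> 'maga'."""
    return re.sub(r"[^a-z]", "", password.lower())


def screen_password(password: str, context_words=CONTEXT_WORDS) -> list[str]:
    """Return the reasons to reject a candidate password (empty list = accept)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    # Compare on letters only, so added digits or symbols cannot hide the word.
    core = letters_only(password)
    if any(word in core for word in context_words):
        reasons.append("contains_context_word")
    # Assumption: a trailing year or punctuation counts against the password
    # only when what precedes it is too short to stand on its own.
    suffix = PREDICTABLE_SUFFIX.search(password)
    if suffix and len(password[:suffix.start()]) < MIN_LENGTH:
        reasons.append("predictable_suffix")
    if len(set(password.lower())) < MIN_DISTINCT:
        reasons.append("low_variety")
    return reasons
```

The context-word list has to be built per account (display name, handle, public slogans), which is why it is a parameter rather than a fixed blocklist.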
In 2005, socialite and heiress Paris Hilton’s T-Mobile account was hacked after bad actors discovered the password was Tinkerbell, the name of her beloved pet Chihuahua. However, others have argued that the password might not have been directly Tinkerbell, but was somehow related to the name.
Techdirt Editor-in-Chief Mike Masnick noted that a common security question when resetting a password is “What is the name of your favorite pet?” For Hilton, the obvious answer would be Tinkerbell. From there, a bad actor could enter their own password and gain access to her account. “It wasn’t necessarily social engineering or a security hole or even actual hacking (although, in a sense, it was a combination of all three),” Masnick added.
The lesson here is simple: if you have a famous dog, don’t make it the answer to your security question. That might not apply to the average person, but the idea is to make sure that the answers to the security questions are obscure enough that only you know about them.
Meta (formerly Facebook) CEO Mark Zuckerberg had his Pinterest, Twitter and Instagram accounts compromised in 2016 by the OurMine hacker group for having the notoriously lazy password of given.
Look, this one should be obvious. Finding a good password requires moving around the keyboard a bit more.
Friends actress Lisa Kudrow accidentally doxed herself in 2019 when she uploaded a photo to her Twitter that included a sticky note with her account password on it.
This isn’t technically a hack or someone guessing an easy password. But let it serve as a reminder not to store your passwords on sticky notes or easily accessible online documents. Choose a reliable password manager and you will never have this problem accidentally.
The former CEO of Twitter had his own Twitter account hacked in 2016 after bad actors guessed his Foursquare password and discovered that he was reusing the same password for his social media account.
Another easy lesson for this one. Do not reuse the same password for every account you have online. Again, password managers will easily fix this, but this is the most dangerous way to leave yourself vulnerable.
Twitter account hijacking 2020
President Joe Biden and former President Barack Obama were affected by a Twitter hacking scam in 2020, in which bad actors infiltrated the accounts of several notable people. After accessing the Twitter accounts, the hackers sent out tweets posing as charitable giveaways in the form of Bitcoin due to the COVID-19 pandemic, urging people to send an amount of Bitcoin in order to receive double that amount.
The victims who sent Bitcoin, of course, never received any reward in return and the bad actors were able to get away with more than $100,000. Meanwhile, more than 130 celebrity Twitter accounts were affected by the scam, including Kim Kardashian and Kanye West.
Ultimately, investigations determined that the hackers used administrative tools to bypass account security, thus the actual celebrities were unable to protect themselves. However, this was once again a case where many celebrities were using the same password across multiple accounts, leaving them vulnerable.
The massive iCloud hack known as “Celebgate” took place between 2014 and 2017 and affected nearly 100 famous women, including Rihanna, Scarlett Johansson and Ariana Grande, whose private images were shared across the internet.
The hack was possible at the time because, in 2014, Apple didn’t block accounts that had repeated login attempts. So one method bad actors used was simply to guess passwords over and over again. Another method was to try to find a weakness within Apple’s software, which they did in the Find My iPhone app. They used this to find the Apple IDs and email addresses of celebrities and then sent them phishing emails requesting confirmation of usernames and passwords.
Emails would be sent from addresses like appleprivacysecurity and the text and formatting would be identical to what was actually sent by Apple. Unsuspecting celebrities would enter their Apple login information and send it directly to the hackers.
During “Celebgate,” more than 500 compromising photos were distributed online, first to the 4chan image board, and later to other social media websites such as Imgur and Reddit.
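The missing control described above, blocking an account after repeated login attempts, sketched as a per-account lockout with exponential backoff. This is an added example, not Apple's code or anything from the original article; the class names, thresholds and lock durations are assumptions.

```python
import time


class FakeClock:
    """Constructed test clock so the replay below runs instantly and offline."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class LoginThrottle:
    """Per-account lockout with exponential backoff (all thresholds are assumptions)."""
    def __init__(self, max_failures=5, base_lock=60.0, max_lock=3600.0, clock=time.monotonic):
        self.max_failures, self.base_lock, self.max_lock = max_failures, base_lock, max_lock
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, locked-until timestamp)

    def attempt(self, account, password_ok):
        """Record one login attempt and return 'ok', 'denied' or 'locked'."""
        failures, locked_until = self._state.get(account, (0, 0.0))
        if self.clock() < locked_until:
            # Report 'locked' whatever password_ok says, so a guess made
            # during a lockout reveals nothing about the password.
            return "locked"
        if password_ok:
            self._state.pop(account, None)  # success clears the failure count
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            # Each failure past the threshold doubles the lock, up to max_lock.
            lock = min(self.base_lock * 2 ** (failures - self.max_failures), self.max_lock)
            locked_until = self.clock() + lock
        self._state[account] = (failures, locked_until)
        return "denied"


def guesses_evaluated(throttle, clock, account, guesses, real_password, step=1.0):
    """Replay a guess list at one attempt per `step` seconds; count guesses actually checked."""
    checked = 0
    for guess in guesses:
        result = throttle.attempt(account, guess == real_password)
        checked += result != "locked"
        if result == "ok":
            break
        clock.advance(step)
    return checked
```

With these settings, 1,000 guesses at one per second result in only 9 passwords being checked. A per-account lock does not limit one password tried across many accounts and lets anyone lock a victim out, so it is normally paired with per-source limits and 2-step verification.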
Ways cybercriminals can gain access to passwords
There are many ways hackers can gain access to security information, such as passwords, or bypass passwords entirely to access accounts. Some popular methods include data breaches and malware or ransomware. However, there are other methods that, used alone or combined with the aforementioned attacks, can lead bad actors directly to the passwords they want.
Brute force attacks: Hackers can try to guess your password using software programs that contain common password settings. In particular, cybersecurity researchers have recently been studying the PassGAN tool, which uses AI to crack common passwords of four to seven characters in seconds. The tool was trained on a dataset that has collected popular breach information from businesses over several years.
Social engineering: Hackers can try to guess your password based on your personal information, either by trying to trick you into divulging details or by searching social media or other profiles for clues about your password. These may include your address, your first name, last name or date of birth, among others. This is similar to the attacks on Donald Trump and Paris Hilton.
Phishing scams: Hackers may send emails that look like they come from legitimate businesses, and interacting with links or entering your personal information may send your data directly to bad actors. This is similar to the Celebgate attack. Phishing attacks can also install malware on a device without the user intending it, which then gives hackers remote access to passwords.
Tips to keep your password safe
A general theme of many of these hacks was that the public figures involved did not follow password best practices. However, many of us follow in their footsteps. Here are some tips you can use to keep your passwords safe.
- Avoid using easy-to-guess passwords.
- Spend a little more time developing a unique password.
- Use a password manager.
- Don’t use the same password on multiple platforms.
- Remember that companies will never ask you for your password.
- Implement 2-Step Verification on a device or service.
- Beware of phishing scams, and keep company email addresses prominent or in your address book from past interactions so you’re familiar with them.