The hack that created millions of morally challenged voyeurs—and, depending upon which celebrity they downloaded, child sex offenders—also provided us with a teachable moment. It exposed the use of security questions in online authentication as a quaint artifact of an antiquated Internet culture.
We talk a lot about personally identifiable information (PII) in the data security business, but rarely do people realize exactly what that can include, and how much of that information is readily accessible online—not to mention how much PII they may be unwittingly putting out there in the overheated look-at-me world of social networking. For celebrities who are profiled and interviewed all the time, PII is everywhere.
As the smoke clears from this latest attack on privacy and our collective sense of decency, it’s becoming more and more likely that a deft use of personally identifiable information unlocked the nude celebrity photo troves that flooded the Internet with requests for all those ill-gotten images and videos.
Specifically, it appears the hacker (or hackers) targeted their victims in a mechanical way. The specifics are still unknown, but a good guess would be that whoever was behind the attack started with an email address and drilled down into specific iCloud photo folders using PII gleaned from material readily available online to answer security questions.
Even if it turns out that this was not the way it happened here, it’s time for a little moral jiu-jitsu to neutralize the threat of PII-based attacks. But before I say another word, it’s imperative you bear in mind that there is no fix here. Identity theft and data-related crimes are the third certainty in life. They vie for primacy with death itself. You are going to get got, and you may even get got taking my advice—but you owe it to yourself to make yourself as safe as you can. The wolves of cybercrime pick off the weakest among us first. Regularly monitoring your credit scores, credit reports and financial accounts can help you catch an identity thief quickly (you can check your credit scores for free every month on Credit.com), and smart account security can make you a less-attractive target for hackers.
So what should you do? Lie. You heard me—lie through your teeth. Fabricate, prevaricate, dissemble and say things that resemble nothing that might be construed as being even the slightest bit truthful regarding the particulars of your life. Lie like you were in a nose-growing contest with Pinocchio.
Mark Twain once famously said, “If you tell the truth, you don’t have to remember anything.” Wise advice, but he didn’t know anything about hackers, PII or online security questions. If the flood of hacked celebrity nude photos of late taught us anything, it’s that security questions must always be answered with lies. When creating answers to your security questions, it’s all about consistency — not veracity.
The fact of the matter is that any site containing anything of value that belongs to you—whether photos or finances—should safeguard that data on encrypted servers protected by multifactor authentication. It’s definitely time to get rid of the challenge-answer formulas, and knowing the “right” secret image won’t protect you forever because a patient thief can guess as many single-try logins as are needed until they find the right answer. Lies can at least get you past “what you know” to something more like “what you created,” and for now that may be your best bet.
Of course it would be ideal if all the places we go online used better authentication protocols (and that’s where things are headed), but in the meantime—whether you sext or not—consider the lie. Have some fun with where you were born, or who your favorite guitarist is, all the while keeping the wolves at bay—or at least out of your personal files.
Image: Roman Barelko