How Do Stars' Private Photos Get Hacked So Often?

ETONLINE

A former cyber thief tells ET how criminals gain access to celebrities' most private images.

Nude photo rumors are pretty commonplace for most Hollywood actresses, so when Big Bang Theory star Kaley Cuoco first got an email alert about this summer’s iCloud photo hack, she didn’t think much of it.

"This one came up, and I was like, 'Oh, it’s another fake one,'" she told late night host Jimmy Kimmel. "I looked and I was like, oh my god, there are some real ones."

It’s estimated that up to one hundred celebrities, including Cuoco, Jennifer Lawrence, and Kate Upton, were victimized by the latest security breach, when hackers broke into Apple iCloud accounts and posted the photos to online imageboard 4chan.

NEWS: Jennifer Lawrence Calls Nude Photo Hacking a 'Sex Crime'

It’s a heinous crime, but stars like Anchorman 2’s Meagan Good said that the violation of her privacy was not the most upsetting consequence.

"There was a lot of victim blaming," she told ET. "It was probably worse than the actual pictures coming out."

The iCloud hackers invaded her privacy, but Good told ET that the public backlash made her feel victimized all over again.

"There was a lot of 'You shouldn’t take those kinds of pictures,'" she said. "They really kind of missed the point. The point is numerous people were violated."

NEWS: Clay Aiken Thinks Victims of Nude Photo Leak Deserve What They Get

ET enlisted the help of Kevin Mitnick, a hacker who was once the FBI's most-hunted cyber thief, and security expert Satnam Narang to explain how celebrities get hacked and steps everyone can take to keep their private information out of the hands of hackers.

"Would one hundred celebrities really have weak passwords?" Mitnick questioned. "That to me is highly suspicious. I suspect there is something Apple hasn’t told the public, like maybe how the hackers found a way to get access to the cloud environment."

The security experts offer 4 tips for protecting your information online:

1. Protect your identity

"Never use your social security number, your date of birth, your mother's maiden name, or your drivers license number to prove your identity." Mitnick told ET. That information, he said, is far too easy for hackers to obtain online.

2. Watch out for malware

"If somebody is able to get to your device physically, for one minute, they can install malware," Mitnick explained to ET. Malware is spy software on your mobile device that allows hackers to listen to conversations, monitor text messages, and gain access to your photos and call log.

3. Don’t get caught by "phishing"

"Phishing is when you yourself are targeted by an email or an SMS message claiming that your iCloud is locked and that you need to provide information to unlock it," Narang explained. As Senior Security Response Manager for Symantec, an online security company, Narang understands how hackers take advantage of users, gaining access to their personal data by sending false warnings about resetting passwords or confirming identity.

4. Strong passwords

"People tend to use easy passwords like 'password123,'" Narang told ET, explaining that hackers use "brute force" programming, bombarding your account with thousands of potential password combinations in the hopes of getting lucky. "They try all of these known combinations, as well as stuff from the dictionary, because most people don't really have strong passwords."

NEWS: Mary Elizabeth Winstead Responds to Leaked Nude Photos

The photos from this summer's celebrity hack have been removed from 4chan, but as everyone knows, nothing ever really disappears from the internet. Thousands of screenshots and cached images that still exist on blogs and websites around the world should serve as a warning to everyone to make sure their information is protected as much as possible, experts told ET.

"There's so many different ways the bad guys can protect their true identity, that it's really up to the service providers and up to you and I to protect our own identity," Mitnick warned. "You can’t assume Google, Apple, and Microsoft are going to do it for you."