The Fappening made headlines over a year ago, and Feds are still hunting down the hackers responsible for releasing hundreds of naked celebrity photos. Now there’s been a new celebrity hack, one that might be slightly more terrifying.

This week, a 23-year-old was charged with breaking into 130 celebrities’ personal accounts by stealing passwords and installing malware. The malware helped the accused hacker, Alonzo Knowles, steal email inboxes, sex tapes, naked photos, unreleased scripts, and the celebrities’ personal information, even social security numbers. Feds caught Knowles by posing as a buyer and attempting to acquire some of the hacked material, and they ended up charging him with felony criminal copyright infringement and identity theft.


The legal side of the story is only half as interesting as Knowles’ stated strategy. The New York Times describes the basic method:

Mr. Knowles, who went by the name Jeff Moxey on email, acknowledged to an undercover investigator that it was difficult to hack someone directly when he is “going after a high-profile celebrity,” according to the complaint. So instead, he looked through photos for friends of the celebrity, and then hacked the friends’ accounts in order to find the celebrity’s personal information.

The side door approach makes sense. Once he knew the celebrity’s email or phone number, Knowles told the undercover investigators that he’d either a) text them claiming their email had been hacked, with a link to reset the password, or b) send them an email containing a virus that would give him access to the celebrity’s computer. Then, in the words of the complaint, Knowles “changed the settings in the victim’s email account in order to maintain long-term access to it.” Knowles just had to wait for the good stuff to arrive, so he could sell it to the highest bidder. The victims’ names were not listed in the complaint.


So it’s basically a high-stakes phishing attack. The celebrity—just like you or me might—got tricked into typing a password into a field built by a hacker. Obviously, whoever did the hacking maybe got a little cocky, since he tried to sell the private information to cops. However, it’s a little frightening to see how sloppy security habits can easily give an intruder access to everything you do online. Just imagine if every single one of your emails got copied and sent to 4chan.

It’s very unclear if this Knowles character has anything to do with last year’s celebrity nudes hack. Unlike the Sony hacks, which were the result of a broader institutional failure, the spate of celebrity attacks was due to careless users. Users, like you and me.

So folks, let’s review. You should always use two-step authentication, and you should never type your passwords under dodgy circumstances. Your private data is worth something to someone. So how much is security worth to you?

[New York Times]

Criminal Complaint Against Alonzo Knowles
