iCloud hack of revealing celebrity photos shows we are all vulnerable

JHU internet security expert: 'Be aware of what you're putting on your phone'

What fills up your iPhone's photo album? Selfies? Snaps of gourmet meals gone by? Anything you'd rather not mention or moments not meant for the world to see? Then you'd better know about two-factor authentication.

That's the advice JHU information security expert Matthew Green shared during an interview this week on NPR's All Things Considered. Green, an assistant research professor at the Johns Hopkins Information Security Institute, was brought on the show to talk about how hackers might have gotten their hands on the intimate photos of dozens of celebrities like actress Jennifer Lawrence and model Kate Upton.

In his conversation with host Melissa Block, Green suggested that the photos might have been pulled from the stars' iCloud accounts, where backup photos from iPhones are stored automatically.

BLOCK: There is also this issue, that this whole thing raises, which is that some of the people who were victimized here had deleted photographs on their iPhones but those photos still exist in the cloud.

GREEN: So, this is one of the hardest things. I mean, we have backups of our phone and by default when you buy an iPhone it will ask you to make a backup. When you delete things from your phone, usually you're doing that on purpose. You want it to go away. But right now the way the cloud works is it doesn't know that. It keeps copies of things as a back, for a long time potentially. That means they're vulnerable to hackers or anybody else who might want to get their hands on them.

In this case, the bad guys may have used tenacious password-busting software—or even just really good guesses—to gain unauthorized access.

BLOCK: So, if you're vulnerable how can you do your best to protect the data that you do have?

GREEN: Well, right now we don't have great solutions but the number one thing is pick a very good password, even if that means it's a little bit of hassle to enter it. The number two thing is, you know, be aware of what you're putting on your phone. And the number three thing, which is a bit inconvenient, is try something called two-factor authentication. What that does is it means that Apple will send you, for example, a text message every time somebody tries to log into your account and only the person who receives that text message will be able to continue and log in.
