14 DAY TRIAL // Malicious actors have managed to obtain access to the Samsung Cloud accounts of a number of high-profile South Korean celebrities, including actors, K-pop stars, and chefs, to extract sensitive information like photos, videos, and conversations.
The attackers, who may not be based in South Korea, are now trying to blackmail their victims, asking for thousands of dollars in return for not publishing the compromising content online.
A report from South Korean website Nate reveals that content stolen from the account of actor Jo Jin-mo has already been posted online after he refused to pay the extortionists. Others, however, are believed to have paid ransoms worth thousands of dollars to prevent an online leak of their photos and videos.
At the time of writing it’s still not clear if access to the Samsung Cloud accounts was obtained following a hack or due to celebrities using the same credentials as on other services.
The Fappening
Hackers often attempt to break into various accounts using usernames and passwords obtained from past breaches. This is because a worrying number of users stick with the same username and password on more than one service without enabling two-factor authentication. In the case of the Samsung Cloud incident, it’s believed 2FA wasn’t activated for the compromised accounts.
Samsung is yet to provide a statement on the incident, but at this point, law enforcement is said to be looking into more than 10 such breaches.
The incident reminds of “The Fappening” saga that involved personal content stolen from the iCloud accounts of several top-rated celebrities both in the United States and elsewhere. The hackers managed to break into iCloud accounts using phishing emails, eventually leaking nude materials to the web.
The aforementioned source, however, claims it indeed managed to access Samsung Cloud backups to a new phone only with a username and password, so there’s a chance that in this case, we’re not necessarily talking about a hack, but rather about ignoring the simplest security recommendations that would help keep an account protected.