Security News

The worst celebrity hacks

Ivan Belcic 21 Oct 2021

From Lady Gaga to Barack Obama and intimate photo leaks to Bitcoin scams, celebrities are big targets for hacking

“I got hacked!” Every time a celebrity gets caught posting something they shouldn’t, we hear this common refrain. But sometimes, they actually do get hacked — and the consequences can be disastrous. From intimate photo leaks and extortion attempts to using multiple celebrity accounts to scam others, let’s look at several of the worst celebrity hacks to show you how they happened and examine the fallout.

The celebs want your Bitcoin

In 2020, a small team of teenage hackers hijacked 130 high-profile Twitter accounts — including some of the platform’s most-followed celebrities such as Barack Obama, Elon Musk, Kanye West, and Bill Gates — to carry out a Bitcoin scam over the popular social network. The attack netted the hackers over $110,000 in Bitcoin within just a few minutes.

Posing as the celebs, the hackers posted scam tweets inviting others to send Bitcoin and receive double the amount in return — but of course, no Bitcoin would be sent back. The hackers used social engineering tricks to fool Twitter employees into handing over access to the site’s administrative tools, which they then used to control the hacked accounts.

Does it seem strange to you that Joe Biden, Floyd Mayweather Jr., and even Apple would offer you Bitcoin over Twitter? If so, good — the ability to use common sense to detect that something “feels” wrong is one of your best defenses in identifying and avoiding scams, both online and off.

Lawyers to the stars get hacked

Celebrity law firm Grubman Shire Meiselas & Sacks, which counts among its clients such A-listers as Madonna, Lil Nas X, Robert De Niro, and LeBron James, recently found itself on the receiving end of a massive hack.

In May 2020, the noted hacking collective REvil — also known as Sodinokibi and one of the world’s most dangerous hacking groups — claimed to have stolen over 750 GB of contracts, emails, NDAs, and other sensitive data. REvil (short for Ransomware Evil) initially demanded a ransom of $21 million, then doubled it. Refusing to pay, the law firm instead turned to the FBI for help.

Undeterred, REvil released portions of the stolen data, including a Madonna contract and gigabytes of data concerning Lady Gaga (including such groundbreaking revelations as the latter’s preference for Jeff Koons artwork, taste concerns notwithstanding).

The hackers followed up on these decidedly un-juicy bombshells by releasing 169 essentially harmless emails that happened to reference Donald Trump in one way or another — hardly the earth-shattering scandals one might have expected. 

REvil continued to wreak havoc with ransomware attacks until they suddenly, and seemingly inexplicably, disappeared from the internet in July 2021. 

Radiohead hack themselves

What would you do if a hacker stole a bunch of your private data, then threatened to release it unless you paid them a $150,000 ransom? If you’re Radiohead, you simply release the stolen material yourself.

In 2019, guitarist Jonny Greenwood tweeted that bandmate Thom Yorke’s minidisk archive had been hacked. Rather than pay the hackers, the band chose to get in front of the extortion attempt and upload the stolen material themselves as a charity drive. Radiohead released the recordings on Bandcamp, then donated the revenues to Extinction Rebellion, a global environmental activism movement.

While releasing your own blackmail is not a path everyone can take, Radiohead’s refusal to pay the ransom is an important lesson. When you pay ransoms — such as those demanded by ransomware — you’re showing hackers that extortion is an effective way to make money, while funding future instances of cybercrime. The US Federal Bureau of Investigation (FBI), for its part, has also been clear about not paying ransoms.

Jeff Bezos gets phished

Even Jeff Bezos, the world’s wealthiest man, isn’t immune to hacking. In 2018, Bezos received a video sent from the WhatsApp account of Saudi Arabia’s Crown Prince Mohammed bin Salman. The two were acquainted, so it wasn’t out of the ordinary that the prince might pass along a link to a chuckle-worthy clip.

When Bezos opened the video file, his phone immediately began transmitting gigabytes of data — reportedly including photos of Bezos, then still married, with his girlfriend. Bezos’s experience is a potent reminder why you should never open attachments you aren't expecting to receive (even from crown princes), because you never know when it might be a phishing attack in disguise.

2014 iCloud sensitive photo leaks

The vilest kind of hackers delight in causing harm. In a series of wide-ranging hacks known as The Fappening or Celebgate, many celebrities — mostly women — found their most intimate photos freely available on the internet.

The attackers reportedly used password-cracking software to brute-force attack the iCloud passwords of the victimized celebrities, with Apple later claiming that the victims had been spear-phished (a targeted phishing attack). The stolen photos were initially released through the popular message board website 4chan, before being shamelessly distributed across Reddit, Imgur, Tumblr, and other social media sites.

Many of the victims, including Jennifer Lawrence, Mary Elizabeth Winstead, and Kirsten Dunst, confirmed the authenticity of the stolen photos. Over the following years, several hackers were convicted of various cybercrimes related to the initial hack. And while similar leaks have taken place more recently, none have matched the scale and notoriety as the first.

How do celebs get hacked?

Most of the time, celebrities get hacked the same ways anyone else does. They use weak passwords, fall for social engineering tricks, or suffer from data leaks when larger organizations holding their data are breached. 

Here’s a closer look at the most common techniques hackers use to hack the stars — techniques we can all fall victim to if we’re not careful.

  • Social engineering: Social engineering attacks manipulate victims into disclosing sensitive personal information or access to confidential assets. Many hackers will scour a victim’s social media profiles for data they can leverage in an attack.

  • Phishing: Phishing attacks use fraudulent emails, text messages, and other communications to deceive victims into disclosing sensitive information. Phishing scams are very old and very common — the “Nigerian Prince” trope is a notorious example.

  • Data breaches: By breaching the data vaults of large organizations, hackers can capture usernames, passwords, and all sorts of other valuable personal data. After a data breach, the stolen data is often made available on the dark web, where others can buy it to commit identity theft and fraud. You can protect yourself against data breaches with Avast BreachGuard. By alerting you if and when any of your personal data is leaked or appears on the dark web, BreachGuard helps you respond ASAP so you can regain control of your data before anyone can use it to access your accounts.

GET AVAST BREACHGUARD

  • Ransomware: One of today’s most dangerous and fastest-growing online threats, ransomware infects your device, hijacks your data, encrypts it, then holds it hostage while demanding a ransom payment. Many victims choose to pay the ransom, which drives up ransom rates while incentivizing the development of more sophisticated ransomware attacks.

  • Password cracking: Did you know that 83% of Americans use weak passwords? Even celebrities sometimes get lazy with their passwords. After a 2012 LinkedIn breach, Facebook CEO Mark Zuckerberg was caught reusing his passwords, as hackers were able to access several more of his accounts using the same password. Other hackers have successfully guessed or cracked the passwords of their victims, often by using personal information obtained via phishing.

What can you do if you get hacked?

Getting hacked is stressful, but if it happens to you, there’s plenty you can do about it. Here’s how you can fight back against the hackers to recover your data, regain control over your devices and accounts, and help protect your friends and family.

  1. Isolate the hacked device: Unplug any Ethernet cables and disable Wi-Fi on the hacked device. This will prevent any malware from spreading or sending data back to the hacker.

  2. Change your passwords: Using an unhacked device, create long, hard-to-guess, and unique passwords for all your accounts and devices — we recommend using passphrases. Strong passwords will lock hackers out of your accounts and prevent them from using old passwords to log back in.

  3. Report the hack and recover your accounts: Most online services, such as Gmail or Facebook, have specific procedures in place for reporting hacks. Follow these procedures for each hacked account to regain control.

  4. Run an antivirus scan: Since hacks often involve malware, run an antivirus scan immediately with a strong malware scanner. The scan should detect and remove any malware on your device. Avast detects, blocks, and removes malware in real time. Keep hackers out of your devices for good with a 100% free cybersecurity app.

  5. Wipe your device and reinstall your operating system: If you’ve backed up your data or cloned your hard drive, you can restore your device from a clean backup created before the hack occurred. If you don’t know how to do this, bring your device to a professional security expert.

  6. Alert the authorities and relevant organizations: Contact the relevant authorities in your country or region to report the attack. Hacking is a cybercrime and should always be reported — this is how you can help prevent future attacks. If your financial accounts have been hacked, alert your bank or financial institution immediately.

  7. Tell people you know: It’s natural to feel embarrassed or ashamed after getting hacked, especially if you were fooled with a phishing scam or social engineering trick. These feelings are normal, and as the stories in this article show, you’re not alone. Tell your friends, family, and colleagues what happened, so they can protect themselves as well.

  8. Monitor your financial accounts: Look for suspicious charges or withdrawals. Some hackers will obtain your login credentials and then wait before acting. Keep a close eye on your financial accounts so you can spot unusual activity and report it ASAP.

DOWNLOAD FREE AVAST ONE

How to prevent being hacked

The best protection against hacking is prevention. Here’s how to make yourself as unhackable a target as possible:

  • Use strong passwords: Password laziness is a leading cause of hacking. Protect all your accounts and devices (including your Wi-Fi network) with passwords (or passphrases) that are at least 15 to 20 characters long, hard to guess, and used only on one account.

  • Use a password manager: The best password managers will securely store your passwords and randomly generate new ones for you. The only password you’ll need to remember is the master password that unlocks your password manager.

  • Use two-factor authentication: Activate two-factor authentication (2FA) on any accounts that support it. 2FA prevents hackers from logging in with your password alone, as they’ll need something else to go along with it — a fingerprint, an authentication code, or another type of confirmation.

  • Always update your software: Many hacks, such as the recent Pegasus iOS hack, exploit security vulnerabilities in software to infect devices. Update your software to close these holes whenever you can.

  • Don’t open unfamiliar attachments: Email hacking attacks often work by convincing you to download and open an infected attachment. Never engage with attachments you aren’t expecting to receive, even if they’re from people you know. Jeff Bezos learned this lesson the hard way, but you don’t have to.

  • Don’t click strange links: Phishing emails will encourage you to click links that lead to malicious websites that can infect your device with malware. Don’t click suspicious links in emails, social media posts, forum threads, or elsewhere.

  • Use an ad blocker: Malvertising is the use of infected ads to steal your data or install malware. The best ad blockers will prevent you from seeing any ads, including infected ones, protecting you against malvertising.

  • Use a VPN: A VPN encrypts your internet connection, preventing anyone from eavesdropping and picking up the data you send back and forth. Protecting your data with a VPN is especially important when using unsecured public Wi-Fi networks.

  • Monitor your accounts for data breaches: Follow tech news to learn about the data breaches making headlines. If a service you use gets hacked, act immediately to secure your data against the breach.

  • Use security software: Internet smarts will only get you so far — we all make mistakes. A reliable antivirus tool will detect and block malware infections and other intrusions before they occur, while cleaning out any infections currently on your device.

Most hacks happen by accident. People get fooled by phishing attacks, forget to update their software, and don’t always protect their devices with security tools. But you don’t have to be on your own when it comes to taking care of all this and staying safe online.

Avast is your always-on ally in the fight against hacking. Defend against malware, phishing attacks, malicious websites, and all the other tricks hackers use to infiltrate your devices, crack your passwords, and grab your data. Protect yourself with a top-rated security partner, 100% free.

DOWNLOAD FREE AVAST ONE