From Lady Gaga to Barack Obama and intimate photo leaks to Bitcoin scams, celebrities are big targets for hacking
“I got hacked!” Every time a celebrity gets caught posting something they shouldn’t, we hear this common refrain. But sometimes, they actually do get hacked — and the consequences can be disastrous. From intimate photo leaks and extortion attempts to using multiple celebrity accounts to scam others, let’s look at several of the worst celebrity hacks to show you how they happened and examine the fallout.
In 2020, a small team of teenage hackers hijacked 130 high-profile Twitter accounts — including some of the platform’s most-followed celebrities such as Barack Obama, Elon Musk, Kanye West, and Bill Gates — to carry out a Bitcoin scam over the popular social network. The attack netted the hackers over $110,000 in Bitcoin within just a few minutes.
Posing as the celebs, the hackers posted scam tweets inviting others to send Bitcoin and receive double the amount in return — but of course, no Bitcoin would be sent back. The hackers used social engineering tricks to fool Twitter employees into handing over access to the site’s administrative tools, which they then used to control the hacked accounts.
Does it seem strange to you that Joe Biden, Floyd Mayweather Jr., and even Apple would offer you Bitcoin over Twitter? If so, good — the ability to use common sense to detect that something “feels” wrong is one of your best defenses in identifying and avoiding scams, both online and off.
Celebrity law firm Grubman Shire Meiselas & Sacks, which counts among its clients such A-listers as Madonna, Lil Nas X, Robert De Niro, and LeBron James, recently found itself on the receiving end of a massive hack.
In May 2020, the noted hacking collective REvil — also known as Sodinokibi and one of the world’s most dangerous hacking groups — claimed to have stolen over 750 GB of contracts, emails, NDAs, and other sensitive data. REvil (short for Ransomware Evil) initially demanded a ransom of $21 million, then doubled it. Refusing to pay, the law firm instead turned to the FBI for help.
Undeterred, REvil released portions of the stolen data, including a Madonna contract and gigabytes of data concerning Lady Gaga (including such groundbreaking revelations as the latter’s preference for Jeff Koons artwork, taste concerns notwithstanding).
The hackers followed up on these decidedly un-juicy bombshells by releasing 169 essentially harmless emails that happened to reference Donald Trump in one way or another — hardly the earth-shattering scandals one might have expected.
REvil continued to wreak havoc with ransomware attacks until they suddenly, and seemingly inexplicably, disappeared from the internet in July 2021.
What would you do if a hacker stole a bunch of your private data, then threatened to release it unless you paid them a $150,000 ransom? If you’re Radiohead, you simply release the stolen material yourself.
In 2019, guitarist Jonny Greenwood tweeted that bandmate Thom Yorke’s MiniDisc archive had been hacked. Rather than pay the hackers, the band chose to get in front of the extortion attempt and upload the stolen material themselves as a charity drive. Radiohead released the recordings on Bandcamp, then donated the revenues to Extinction Rebellion, a global environmental activism movement.
While releasing your own blackmail is not a path everyone can take, Radiohead’s refusal to pay the ransom is an important lesson. When you pay ransoms — such as those demanded by ransomware — you’re showing hackers that extortion is an effective way to make money, while funding future instances of cybercrime. The US Federal Bureau of Investigation (FBI), for its part, has also been clear about not paying ransoms.
Even Jeff Bezos, the world’s wealthiest man, isn’t immune to hacking. In 2018, Bezos received a video sent from the WhatsApp account of Saudi Arabia’s Crown Prince Mohammed bin Salman. The two were acquainted, so it wasn’t out of the ordinary that the prince might pass along a link to a chuckle-worthy clip.
When Bezos opened the video file, his phone immediately began transmitting gigabytes of data — reportedly including photos of Bezos, then still married, with his girlfriend. Bezos’s experience is a potent reminder of why you should never open attachments you aren’t expecting to receive (even from crown princes), because you never know when it might be a phishing attack in disguise.
The vilest kind of hackers delight in causing harm. In a series of wide-ranging hacks known as The Fappening or Celebgate, many celebrities — mostly women — found their most intimate photos freely available on the internet.
The attackers reportedly used password-cracking software to brute-force attack the iCloud passwords of the victimized celebrities, with Apple later claiming that the victims had been spear-phished (a targeted phishing attack). The stolen photos were initially released through the popular message board website 4chan, before being shamelessly distributed across Reddit, Imgur, Tumblr, and other social media sites.
Many of the victims, including Jennifer Lawrence, Mary Elizabeth Winstead, and Kirsten Dunst, confirmed the authenticity of the stolen photos. Over the following years, several hackers were convicted of various cybercrimes related to the initial hack. And while similar leaks have taken place more recently, none have matched the scale and notoriety of the first.
Most of the time, celebrities get hacked the same ways anyone else does. They use weak passwords, fall for social engineering tricks, or suffer from data leaks when larger organizations holding their data are breached.
Here’s a closer look at the most common techniques hackers use to hack the stars — techniques we can all fall victim to if we’re not careful.
Getting hacked is stressful, but if it happens to you, there’s plenty you can do about it. Here’s how you can fight back against the hackers to recover your data, regain control over your devices and accounts, and help protect your friends and family.
The best protection against hacking is prevention. Here’s how to make yourself as unhackable a target as possible:
Most hacks happen by accident. People get fooled by phishing attacks, forget to update their software, and don’t always protect their devices with security tools. But you don’t have to be on your own when it comes to taking care of all this and staying safe online.
Avast is your always-on ally in the fight against hacking. Defend against malware, phishing attacks, malicious websites, and all the other tricks hackers use to infiltrate your devices, crack your passwords, and grab your data. Protect yourself with a top-rated security partner, 100% free.