What Can We Learn From a Celebrity Hack?

It’s tough to be famous. Having A-lister celebrity status and the wealth that goes along with it might seem glamorous from the outside, but recent cybersecurity issues have proven that it’s not all private jets and red carpets.

A major headlining data breach in 2014 affected the private email accounts of more than 300 well-known people, including actresses like Jennifer Lawrence and Emma Watson. The hacker was caught and sentenced last month to only nine months in jail after leaking nude pictures of his victims online.

How did the hacker, Edward Majerczyk of Chicago, pull it off? A simple phishing attack. He emailed his victims with what appeared to be a letter from their internet service providers, informing them of an issue with their accounts. The celebrities—or quite possibly, their staff members—turned over their usernames and passwords.

British soccer star and model David Beckham recently suffered a ransom attack when his sports management agency was breached by hackers who then demanded a hefty ransom payment in exchange for not releasing the contents of his email online. Beckham, whose email was handled by the agency on his behalf, was not the only victim. The agency handles accounts for other top-notch athletes like Usain Bolt and Xavi Hernandez, and more than 18.6 million emails were held hostage.

The agency refused to pay the ransom and the emails were leaked. While they did contain a few embarrassing rants, there was apparently nothing genuinely career-ending in any of them.

Reports have surfaced of another well-known actress, Emily Ratajkowski, whose iCloud account was breached by a hacker. The link to the exposed account was sent to an online tabloid reporter with instructions to publish it, apparently for no fee whatsoever. The hacker seems to simply want to expose the actress’ very private photos and personal emails. Ratajkowski was also one of the victims of the 2014 celebrity hacking.

Why are celebrities such hot targets for this kind of thing? Mostly because there’s an audience for it. Even people who would never think it’s okay to steal someone’s identity, or break into their email accounts, might be tempted to click on the photos; after all, they weren’t the ones who hacked it, so they didn’t do anything wrong. But that’s actually not the case. Remember back to high school: the kid who stole a copy of the answer key from the teacher’s desk got in trouble, but so did everyone who looked at it in order to get the answers to the test. Viewing stolen content is still wrong, even if you’re not the one who originally had a hand in the theft.

It’s small comfort that this kind of celebrity attack is nothing new. For decades, paparazzi have stood waiting to snap famous people’s pictures and “gossip rag” reporters have dug through their trash cans for some dirt. Unfortunately, the digital age has just made the work of exposing people’s private lives easier and more effective. That trash can might have held a handful of pictures even just a few years ago, but an actor’s cloud storage account today can hold thousands or even tens of thousands of images and files.

What can the average citizen do in these cases? Refuse to play the game. For some hackers, the “street cred” of pulling off a major attack is all the compensation they want, but for many others, there’s big money to be made off of leaked photos or emails. When we peruse those stolen files, we’re making hacking both lucrative and more widespread. Don’t play along, and don’t support it. After all, today it might be a big celebrity’s personal account, but tomorrow it could be yours.