TIME Security

Apple Says Systems Weren’t Hacked in Nude Pics Grab

86th Annual Academy Awards - Arrivals
Actress Jennifer Lawrence attends the 86th Oscars held at Hollywood & Highland Center on March 2, 2014 in Hollywood. Jeff Vespa—WireImage/Getty Images

The hackers targeted users, not Apple's systems

Apple said Tuesday that hackers who posted hundreds of nude images of celebrities over the weekend didn’t penetrate its systems, but rather got access to the pictures through a “very targeted attack on user names, passwords and security questions.”

That type of attack, which ensnared celebrities including Jennifer Lawrence and Kate Upton, is known as a “brute-force attack,” in which hackers simply try a wide variety of username and password combinations in an attempt to gain access to a target’s account. It’s much simpler—and often less effective—than more complex attacks, but it can be effective if the targeted service doesn’t put a limit on the number of times a user can try to log in before it locks them out. In a brute-force attack, hackers often employ software specially written to come up with random combinations of usernames and passwords, vastly speeding up the process.

“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone,” Apple said, meaning the attack targeted individual users rather than Apple’s systems as a whole. “We are continuing to work with law enforcement to help identify the criminals involved.”

Apple also advised users to turn on what’s called Two-Step Verification, which adds an extra layer of protection to online accounts. Essentially, two-step verification means that after users enter their memorized password, the service to which they’re logging in text-messages them a secondary, randomly-generated code. Users gain access to their account only after that secondary code is entered.

Two-step verification can foil a brute-force attack because it’s nearly impossible for hackers to gain access to targets’ phones.

TIME Smartphones

These Budget Smartphones Sold Out in India in 4.2 Seconds

Xiaomi Smartphones Sell Out in 4.2 Seconds in India
A Redmi smartphone from Xiaomi. Bloomberg via Getty Images

The Chinese smartphone maker is trying to crack other Asian markets—and it's working

Online sales of budget smartphone maker Xiaomi’s new Android phone were gone in India before many even had a chance to click.

Known as “China’s Apple,” Xiaomi sold all 40,000 units of its low-cost Redmi 1S within 4.2 seconds on Flipkart, an online marketplace that does business exclusively in India, according to Hugo Barra, Vice President of Xiaomi Global.

Those unable to swipe one of the phones took to Xiaomi India’s Facebook Page or Twitter to vent their frustration, criticizing the Chinese firm for entering one of the world’s largest markets with limited supply. A previous flash sale of Xiaomi’s Mi 3 phone was met with similar success—and annoyance—when 20,000 devices sold out in 2.4 seconds, according to NDTV. Registrations have already kicked off for another round of online Redmi 1S sales.

In India, Xiaomi is attempting to replicate the success it achieved in China. Only three years old, Xiaomi has become explosively popular in its home country thanks to its affordable pricing and personalized design, recently outnumbering shipments of phones compared to its biggest competitor, Samsung. While Samsung claims the largest market share in India’s smartphone market, Xiaomi is attempting to stake a place with its low-priced smartphones: the Redmi 1S, priced at Rs 5,999 ($100), remains equally affordable as, if not moreso than, Samsung devices like the popular Galaxy smartphones, which tend to retail well over Rs 5,999 in India.

But Xiaomi has a long road ahead if it wants India to be its next China. Only less than 1% of Xiaomi’s global smartphone units were shipped outside China during Q2 2014, according to tech intelligence firm Canalys. And a formidable competitor is approaching, too: Google has set a Sept. 15 event in India, which many expect will mark the Indian launch of a cheap Android One, according to NDTV.


TIME legal

Here’s How Celebs Can Get Their Nude Selfies Taken Down

Lionsgate's "The Hunger Games: Mockingjay Part 1" Party - The 67th Annual Cannes Film Festival
Jennifer Lawrence attends Lionsgate's "The Hunger Games: Mockingjay Part 1" party at a private villa on May 17, 2014 in Cannes, France. David M. Benett—;Getty Images for Lionsgate

The answer lies in copyright law

Imagine having nude images of yourself — images you believed to be private — shared against your will with millions of people around the Internet. It’s a pretty terrible feeling, and it’s exactly what happened to dozens of celebrities, from Jennifer Lawrence to Kirstin Dunst, who fell victim to a hacker who accessed their private cloud storage accounts and raided their contents.

Some of the celebrities, like Lawrence, have pledged to go after whoever’s responsible for the privacy violation. While the hacker remains unidentified, the victims have at least one weapon to try and stop the images from spreading any further: Copyright law.

Here’s how that could work: In the United States, copyrights on photos are granted to whomever took the image. Since so many of the stolen images are reportedly selfies, that means the women in the images took the photos themselves — and, therefore, they get the copyright on them.

Some background: In 1998, Congress passed the Digital Millennium Copyright Act, or DMCA, which toughened penalties for online copyright violators. Crucially, the DMCA introduced what’s called a “Safe Harbor” provision for online platforms, like Facebook, YouTube, Reddit and others (though they weren’t around at the time). The Safe Harbor deal is this: Sites like YouTube don’t need to pre-check the content their users upload for copyright violations, but they do have to respond to what’s called a takedown notice. Copyright holders can file those notices to websites they believe are illegally hosting their copyrighted content, and the Facebooks, YouTubes and Reddits of the world then have to go and see if the copyright holder’s claim is legit — and if it is, they have to ditch the content.

Takedown notices have gotten increasingly popular over the last four years; people are now filing millions more to Google alone compared to just a few years ago, for example. Such notices are “very effective,” said Aram Sinnreich, an assistant professor at Rutgers University’s School of Communication and Information, “because otherwise the sites can be found as contributorily liable to copyright infringement, and that can run into the millions of dollars.”

So what Jennifer Lawrence, Kate Upton, Kirsten Dunst or any of the other hacking victims could do is file a DMCA takedown notice while they fill out the paperwork for a formal copyright on their photos, assuming they took the images of themselves. If their takedown notices are ignored, they can then sue the sites in question for copyright violation.

Such a move could be a “smart strategy,” said Danielle Citron, a professor of law at the University of Maryland who’s working on a book about online hate crimes. But fighting this fire through DMCA is akin to playing digital whack-a-mole: Knock the images off one site that was hosting them, and they’ll appear on another. “[The victims] might be outpaced by the scale at which this stuff spreads,” Citron added.

DMCA takedowns have other weaknesses, too: Sites hosted in countries with less stringent copyright laws won’t feel the same pressure to respond to them, Sinnreich said. So the celebrities probably won’t have any luck getting their private images off websites hosted in Cambodia, for example, a country that’s not party to the international treaty on which the DMCA is based. And the copyright strategy won’t work for the women who didn’t take the photos and can’t get the copyright from whoever did.

Still, Citron believes the incident is an opportunity to raise awareness about women having their private images spread widely around the Internet against their will, which happens daily but doesn’t always grab headlines.

“This is the perfect example of a case in which we should grab the public’s attention,” said Citron. “I’ve been writing about this since 2007. And nude photos are just one form of online harassment, and everyone just kind of shrugs their shoulders and blame the victims, ‘you stupidly shared it,’ or ‘you got hacked,’ or ‘you shouldn’t have been taking these photos in the first place.’ And now the cultural consensus is . . . we’re not shrugging our shoulders, and we think this is a really bad thing. So I think this is a terrific moment in which we’re getting people to really see the problem for what it is.”

TIME Video Games

Destiny Launch Guide: 16 Facts to Get You Ready for the Game


If Bungie’s Destiny demos and beta are representative of the final game, then Halo may have spawned a new sub-genre. Call it “Halo-like.”

And Destiny seems like a card-carrying subscriber. A few months ago at E3 when I asked Bungie COO Pete Parsons why Destiny felt so much like playing Halo, I expected him to challenge the premise. Instead, he surprised me by embracing it.

While Destiny is clearly its own game with divergent gameplay ideas, Parsons spoke of a Bungie DNA that flows through all of its games (back to the company’s Mac-exclusive Marathon days, in fact). If you played the Destiny beta and you’re familiar with Halo‘s conventions, those strands — coiling through the game’s control scheme and user interface — are pretty much unmissable.

So is the game itself, if you’re paying even casual attention to the mega-marketing campaign. Over the weekend, running FXX’s The Simpsons as background noise in a vacation hotel room, the lofty-sounding Destiny trailer seemed to crop up every other commercial break. Publisher Activision, doubtless hoping Destiny has even longer legs than Halo, is clearly sparing the game no expense.

Here’s a rundown of everything (salient) that we know about the game in the run-up to its worldwide launch next week.

What is Destiny?

For the uninitiated: a first-person shooter that’s neither a single-player adventure nor a massively multiplayer online game, though it combines elements of both.

Imagine, to use Bungie’s terminology, a science fiction universe that’s “alive,” and which you can access while playing alone or with drop-in multiplayer companions. By “alive,” Bungie intends the game to be open-ended enough that unplanned events may occur, though whether that means the final version apes Guild Wars 2‘s player-driven events model, or something we’ve not yet seen, is still unclear.

Plot-wise, the game takes place several hundred years from now in a post-utopian period, after an event that leads to the near-extinction of humanity. You play as one of an elite group of “Guardians,” a band of super-soldier warriors, defending humanity from various hostile alien races.

When will it be available?

September 9 for PlayStation 3 and 4 as well as the Xbox One and Xbox 360.

Is there a launch trailer?

Of course:

There’s also a competitive multiplayer trailer, an “E3 Gameplay Experience” trailer and a bunch of locale-specific trailers that highlight the game’s various planetary battlegrounds.

How many versions are there?

The standard version is $60, whether you’re grabbing the retail or digital version, though GameStop’s offering in-game exclusives like an upgrade for the Sparrow (think Return of the Jedi‘s speeder bikes) if you order through them. And if you preorder the standard retail edition (by 2:00 p.m. PT on September 5) through the Microsoft Store, Microsoft will send along a $10 Xbox gift card and ensure your copy arrives by September 9.

Let’s step through the special editions, from most expensive to least.

  • If you’re in the market for a PlayStation 4, Sony’s selling a white PS4 bundled with the game and various PlayStation-exclusive in-game bonuses for $450.
  • On the retail side, Microsoft’s selling a Destiny “Ghost Edition” with the usual trinkets and geegaws for $150.
  • The “Limited Edition” for both the PS4 and Xbox One as well as the Xbox 360 (but not the PS3) includes upgraded packaging, a guide, a star chart and a few in-game items for $100.
  • On the digital end, the “Guardian Edition” for both PS4 and Xbox One as well as PS3 (but not the Xbox 360) includes a slew of in-game starter content.

The special editions each include the “Destiny Expansion Pass,” which goes for $35 by itself and unlocks “new story missions, cooperative and competitive multiplayer arenas, and a wealth of all new weapons, armor, and gear to earn,” as well as the game’s first two expansion packs: “Destiny Expansion I: The Dark Below” and “Destiny Expansion II: House of Wolves.”

What’s this I’ve seen about mobile versions?

Bungie’s released free companion apps for iOS and Android that let you keep tabs on your Guardian, analyze your stats, compare your scores and access the game’s forums.

Will the PlayStation 4 and Xbox One versions both run at 1080p?

Yes. The beta Xbox One version ran at a slightly lower resolution, but the ship-time PS4 and Xbox One versions will share the same 1920-by-1080 resolution. (If you want to quibble over subtle differences in frame rates or screen tearing or rendering techniques, you’ll have to wait for the inexorable Digital Foundry breakdown.)

Are the PlayStation versions really getting exclusive content?

Yes: a cooperative mission, a multiplayer map, class-specific gear, two weapons and three ships. You’ll find all the details here.

Can I preload the game?

If you buy the digital version, yes. The game is available for preload on PlayStation and Xbox stores now. If you preload, you’ll be able to play as soon as the servers go live on September 9.

When specifically on September 9 do the servers go live?

This one’s a little confusing. Here’s Bungie’s official word on the matter via Twitter:

Assuming no launch snafus (and to be fair, that’s a bold assumption), the game’s servers should be accessible in the United States as early as 8 a.m. ET on September 8. That’s no typo: according to that tweet, Destiny, according to the temporal logistics of the International Date Line (which passes through the Pacific Ocean), should be playable in the U.S. by early Monday, September 8.

That’s assuming you have a playable copy of the game, of course. It sounds like you’ll need a retail copy for the privilege: Both Sony and Microsoft list their respective digital versions of Destiny as being playable “starting midnight PST,” or at 3:01 a.m. ET on September 9.

How do you secure a retail copy prior to your local retailer’s midnight launch party on September 9 (in whatever time zone you live)? You’ll have to make your own inquiries: As Bungie says, it’s “between you and your retailer.”

How much disk space will Destiny take up?

The digital versions for PS4 and Xbox One list the game’s footprint as 18.6GB and 18GB, respectively, but that’s just the preload size. After unpacking and the game pulling down any additional launch timeframe data, the game’s footprint will be much larger.

On Sony’s official storefront for the game, it writes “40 GB hard drive storage (or its equivalent) is required.” That’s apparently the case for the Xbox One version, too, assuming this photo of the game’s retail packaging is authentic.

Will the PlayStation and Xbox versions be cross-platform playable?

Nope, nor will PS3 players be able to play with PS4 ones, or Xbox One players with Xbox 360 ones. Each platform is a universe unto itself.

Do I have to pay a monthly fee?

Not to Bungie, no, but after you’ve purchased the game, it requires Xbox Live ($60 a year) to play either of the Xbox versions. And while you can play parts of the PlayStation versions without a $50 PlayStation Plus subscription, the latter is required for “some activities” (certain game modes, though it’s not clear at this point which ones).

Can I play it offline?

No. While Destiny includes the option to play solo, it requires an Internet connection.

What about local split-screen?

I get this question from a surprising number of people about all sorts of online games: but no, alas, local split-screen isn’t supported.

Will there be a PC version?

Bungie co-founder Jason Jones may or may not have said no way back in early 2013, but design lead Lars Bakken told Eurogamer earlier this year that designing a PC version would be “pretty complicated,” but that it “doesn’t mean it can’t happen in the future, it just means it won’t happen right now.”

So not yet, but maybe.

Is there anything else I should know?

Bungie just announced something called “Destiny Planet View,” which uses Google technology to let you poke around the game-verse’s versions of Mars, Venus and the Moon right now.

Says Bungie:

While the experience only reveals a small slice of Destiny’s massive worlds, users will be able to step through each area and discover useful lore, gameplay tips and even a few hidden real-world and in-game incentives along the way.

And here’s the “Destiny Planet View” trailer:

TIME Big Picture

San Francisco 49ers Go Long on STEM Education at Levi’s Stadium

In 2010, when the San Francisco 49ers’ brain trust was drawing up the plans for what is now Levi’s Stadium, they went to one of the tallest buildings in the area and looked out over Silicon Valley.

According to Joanne Pasternack, director of community relations and the 49ers Foundation, these executives could see Google, Intel, Apple, HP, Facebook and many of the leading tech companies in the world laid out right in front of them.

It was at that point that they made the commitment to somehow use the new stadium to help create tech leaders of tomorrow. As one of the 49ers execs told me recently, they wanted to “help develop the people who will someday engineer and create greater features for Levi’s Stadium and develop innovative technologies that can impact the planet in the future.”

Educational Roots

The 49ers have had a long history of supporting education. “Our family has always been interested in education,” said Dr. John York, co-chairman of the San Francisco 49ers. “My father-in-law, Ed DeBartolo, Sr., always felt that if you could give people an education, they can make a way for themselves and their lives. And the 49ers Foundation’s mission has been to keep kids safe, on track and in school.”

“My mother was a school teacher, my father was the son of Italian immigrants,” said Denise DeBartolo York, co-chairman of the San Francisco 49ers. “They always thought that education could level the playing field with at-risk students that were disadvantaged. Once you enable them to get an education, it’s an even playing field.” Mrs. York also told me that she and her husband, Dr. York, have contributed significantly to various underprivileged children’s causes and Title I school initiatives, as well as programs for at-risk kids.

The 49ers organization’s philanthropic contributions — much of which is focused on education — are at least $3.3 million per year. For years, the organization has supported what is called the 49ers Academy in East Palo Alto, CA. According to the academy’s website:

The San Francisco 49ers Academy was established through a partnership with Communities in Schools (CIS) in 1996. CIS started as a small grassroots movement led by Bill Milliken, one of the nation’s foremost pioneers in the movement to help young people graduate from high school and go onto rewarding careers. The 49ers Academy is a unique partnership – a public school, supported by a private non-profit agency. The 49ers are the major underwriter of this program.

Cultivating STEM

However, what they are doing in STEM education at Levi’s Stadium itself is amazing. STEM stands for Science, Technology, Engineering and Math and is a dedicated educational program to get kids interested in these disciplines, eventually guiding them into related career endeavors.

“On and off the field, talent alone will not lead to success,” said Dr. York. “The game changer for promising future leaders is to provide a stimulating environment where their natural talent and drive will be fed by motivating mentors, meaningful activities and academic enrichment. The 49ers STEM Leadership Institute’s vision is to be a leader in STEM education, preparing and inspiring talented learners to meet the challenges of the global society through innovation, collaboration and creative problem solving.”

Budding Brains

The 49ers STEM Leadership Institute program will bring 20,000 students to Levi’s Stadium for daylong programs that tie sports and education around the STEM focus. Each day during the school year, 60 kids from one of the various schools in the Bay Area are brought to Levi’s Stadium in one of the 49ers’ official team buses. They are then broken up into three different groups of 20 each to rotate through three distinct activities.

The first activity features a full tour of the stadium, focusing on the engineering involved with creating a stadium. It shows off the green aspects of the stadium, including a visit to the garden on the roof as well as a look at the solar panels and how they’re used to create energy. The tour also demonstrates how clean technology is used to irrigate the field in order to care for the grass and turf. The kids also get to see the visiting team’s locker room, the field and many of the public areas of the stadium.

The second activity takes place in the new 49ers Museum and includes lessons using various games and interactive screens. Students learn how engineering and math are used to create 49ers football equipment, and how physics is applied to things like passing, kicking and running. The day I was there, they also included a section on careers in math and science. By the way, a trip to the 49ers Museum is highly recommended. It’s one of the best sports museums in the U.S. They use Sony Xperia tablets and various technologies to really enhance the overall museum experience — and for those of us in the Bay Area, it evokes some great memories of five 49ers Super Bowl wins.

The third activity takes place in an actual high-tech classroom that’s built into the new 49ers Museum. This classroom has multiple screens as well as half a dozen touch-based video worktables created by Cortina Productions. They serve as interactive teaching tools that the students can use to do various projects.

49ers STEM
Students receive instructions from teacher Matt Van Dixon while sitting at interactive video tables made by Cortina Productions at the 49ers STEM Leadership Institute at Levi’s Stadium Terrell Lloyd / San Francisco 49ers

I was privileged to attend the inaugural class where they were studying the engineering principles of making a football. Using all of the materials needed to make a football, each group got to assemble a football from scratch, sew it up, inflate it and then test it in a special kicking area where the students could see how each ball performed based on how well they created it.

49ers STEM
Denise DeBartolo York helps students assemble a football at the 49ers STEM Leadership Institute at Levi’s Stadium Terrell Lloyd / San Francisco 49ers
49ers STEM
Students assemble a football at the 49ers STEM Leadership Institute at Levi’s Stadium Terrell Lloyd / San Francisco 49ers

Many of the 49ers star players become the students’ tutors and team captains via video at each workstation table, giving instructions and encouragement for each project.

The interactive lessons vary: One class might teach how a helmet is engineered. Another might be on the physics of throwing a ball, explaining how a physical object like a football deals with airflow, throwing mechanics and force, and how each impacts the direction and length of a throw. There are even lessons on engineering your plate, including nutrition facts and a fitness class that uses the 49ers’ training camp as an example.

The class on applied mathematics explains angular attack and game geometry as well as teaching about statistics, using the Super Bowl and its various Roman-numeral numbering schemes as part of the lesson plan. All lessons are designed to emphasize how math, science, technology and engineering are used in everything from building a stadium to creating sports equipment to the math and physics that go into playing the game of football.

The teacher of the class is Matt Van Dixon, who is the education program manger for the 49ers Museum. Matt is one of the most dynamic teachers I have ever observed, his teaching style grabbing the kids from the beginning of each class. I was extremely impressed with how he developed the lesson plans to integrate the role of engineering and math into all of the sports examples. He and his team created various simulations to make the class interactive and highly entertaining. I asked a couple of kids who were in this inaugural class what they thought about the program and each gave it a huge thumbs up.

49ers STEM
Matt Van Dixon instructs students at the 49ers STEM Leadership Institute at Levi’s Stadium Terrell Lloyd / San Francisco 49ers

Branching Out

The 49ers STEM Leadership Institute has also been implemented in the Cabrillo Middle School in Santa Clara, CA, which is just down the street from Levi’s Stadium. With the 49ers’ support and big help from the Chevron Corporation, who created the STEM labs at the school, 60 students from the Santa Clara Unified School District are selected each year to go through a six-year program designed to inspire and prepare students with high academic potential to pursue STEM majors at top-tier universities and become future leaders in their fields. In addition to enriched math and science instruction, students have regular access to the Chevron STEMZone, a tech lab equipped with a laser cutter, 3D printers and other fabrication tools.

Steve Woodhead, Chevron’s global social investment manager, told me that when the 49ers approached them to help with the STEM Institute, they were glad to be involved and worked hard to create the learning labs used in these special education programs.

Another important partner in this program is the Silicon Valley Education Foundation. SVEF’s charter is to be a resource and advocate for students and educators. They provide advocacy, programs and resources to help students reach their full potential in the critical areas of science, technology, engineering and math. According to Muhammed Chaudhry, president and CEO of SVEF, his non-profit group played an important role in advising the 49ers and Chevron on STEM studies and helped with the development of the curriculum used in the institute’s educational programs.

What the 49ers are doing is using sports — a subject that most kids understand and can relate to — and tying it to math, science, technology and engineering in a way that brings these disciplines to life, making learning these subjects fun and entertaining. Getting to see this program in action was truly enlightening. I saw how the 49ers’ STEM Leadership Institute could help create future tech leaders, the major goal of their vision and program from the start.

I hope that all of the folks in the sports industry school themselves on the 49ers’ pioneering STEM education program and how it takes full advantage of the role sports can play in teaching STEM-related disciplines.

Bajarin is the president of Creative Strategies Inc., a technology industry analysis and market-intelligence firm in Silicon Valley. He contributes to Big Picture, an opinion column that appears every week on TIME Tech.

TIME Autos

GM Will Make Cars With Motion Sensors to Keep Your Eyes on the Road

Detroit Exteriors And Landmarks
A general view of the Cadillac showroom in the General Motors Renaissance Center on August 14, 2014 in Detroit, Michigan. Paul Marotta—Getty Images

Eye and head tracking sensors will make it harder to text while driving

General Motors is reportedly installing sensors in its next generation of cars that will detect drivers’ eye and head motions and alert drivers to prolonged moments of distraction.

The Financial Times, citing unnamed sources, reports that GM’s safety parts supplier, Takata, has signed a deal with Seeing Machines to purchase upwards of 500,000 tracking devices that use cameras to detect subtle signs of distraction, such as the rotation of the head or frequency of blinks.

GM declined to comment on the deal, but people with knowledge of the plan confirmed to the Financial Times that the devices would be used to keep drivers’ attention on the road.


TIME apps

German Court Bans Uber

A violation of the ban could result in a fine as high as $328,000 per ride


A court in Frankfurt has imposed a nationwide ban on Uber’s ride-sharing service, ruling that the company lacked the necessary permits to pick up passengers.

The court ruled the company could no longer pick up passengers through its UberPop service, a cheaper alternative to Uber’s black car service, and it could pay upwards of $327,840 in fines for a single trip, BBC reports. Uber vowed to continue serving customers, arguing that the ban could not go into effect while the ruling was under appeal.

“You cannot put the brakes on progress,” the company said in a statement. “Uber will continue its operations and will offer UberPop ridesharing services via its app throughout Germany.”

Uber, which connects drivers and riders through a mobile app, has faced stiff opposition from regulators and entrenched taxi businesses in both the United States and abroad.


TIME Security

Is It Safe for You to Use the Cloud After Celebrity Hack?

Apple's New iPhone 4s Goes On Sale
Justin Sullivan—Getty Images

These four tips can help protect your information online

News of a hacker breaking into Apple iCloud accounts to steal photos of dozens of female celebrities has rocked the tech world, where Apple’s security measures had been thought by many to be rock-solid.

And if hackers can access the accounts of celebrities, it’s possible they could access your information as well. Here’s what you can do to protect the data you save to the cloud:

Use Two-Step Authentication

Two-step authentication requires you to answer two questions before you can access an account. Typically, one question requires you to recall a password and another requires you to look at a text message or email and enter an authentication code. The process is a huge deterrent for hackers who may use one of many sophisticated methods to guess a password but have no way to access your phone to tap in an authentication code. A number of services offer two-step authentication, including the iCloud, Gmail and many banks. For most services you have to opt in.

Check the Cloud, Not Just Your Device

After hearing that her photos had made their way to the Internet, Scott Pilgrim star Mary E. Winstead said she had deleted the photos in question “long ago.” But deleting photos from your phone doesn’t mean that they’re deleted from the cloud. In fact, the cloud exists to back up everything you do and create on a device. If there’s something you never want anyone to see, delete it everywhere!

Vary Your Passwords Between Devices and Sites

This is an obvious one, but you may be surprised how many people don’t follow it. Having the same password for everything greatly increases your exposure to potential hackers. Once they get access to one thing, they have it all.

If You Don’t Want People to See, Don’t Put It Out There

Even the most cautious Internet users are vulnerable to attacks, as hacking technology gets ever more complex. If there’s something you really wouldn’t want people to see, don’t put it out there. That is, don’t put it anywhere on the Internet.

TIME Security

How That Massive Celebrity Hack Might Have Happened

"The Other Woman" - Los Angeles Premiere
Kate Upton at the Los Angeles Premiere of "The Other Woman" at Regency Village Theatre on April 21, 2014 in Westwood, Calif. Jon Kopaloff—FilmMagic/Getty Images

Tech experts say hackers may have gained access to cellphone pictures of Jennifer Lawrence, Kate Upton and others in the iCloud via the "Find My iPhone" app

Correction appended

The leak of personal photos of more than 100 female celebrities, nude and otherwise, has tech observers questioning and debating potential vulnerabilities in Apple’s iCloud. But for those of us who don’t intuitively understand technology the questions remain: how could this happen and could it happen to me? Here are some answers:

Who was affected?

An anonymous user posted photos of celebrities like The Hunger Games star Jennifer Lawrence and model Kate Upton to the site 4Chan. The hacker claimed that there could be posts of more than 100 celebrities in total. Some celebrities, Lawrence and Upton included, confirmed the photos’ authenticity. Others, like Nickelodeon star Victoria Justice, claimed the photos were fakes.

How did the hackers do it?

The leading theory goes that hackers found a vulnerability in Apple iCloud’s “Find My iPhone” service, which helps users find lost or stolen phones via the cloud. Apple typically protects its products from so-called “brute force” programs that repeatedly guess random passwords for a given username until it gets a match.

But for some reason, various tech blogs have reported, Apple failed to do this with its Find My iPhone service. Hackers identified this vulnerability, TheNextWeb reports, and allegedly used a brute force service called “iBrute” to gain access to celebrities’ passwords — and consequently, the photos stored in their iCloud accounts.

Some tech observers are skeptical of this explanation, though. Most hacks occur through more straightforward methods of collecting a user’s personal data — via a lost cellphone owned by one of the celebrities, for example. There’s also evidence that some photos came from other devices that wouldn’t back up to the iCloud, like Android phones.

What does Apple have to say about all of this?

An Apple spokesperson told Re/code that the company is “actively investigating” the issue, but provided few other details. The company also reportedly rolled out a security upgrade Monday, just hours after the first hack, to eliminate the possibility of a brute force service gaining access to passwords via Find My iPhone.

Could this happen to me?

If the hackers did indeed use a brute force method on the iCloud and Apple has yet to fix the problem, then, in short, yes it could happen to you. Brute force methods can be applied so long as the hacker has your username. That said, this method does not collect broad amounts of data for a lot of people. Hackers would need a reason to target you specifically.

How do I protect myself?

The only way to completely protect yourself on the internet is to stay off it. But if you want to continue living in the 21st century, use two-step verification. Apple’s iCloud is just one of many services where you can set your account so that it asks you two personalized questions before you can access it. This makes it much, much harder for hackers to get where you don’t want them. Also, maybe think twice before uploading those nude photos?

The original version of this article misidentified the alleged role of code-hosting site GitHub in the data theft. Hackers reportedly used a code that was posted to the site.

TIME celebrities

Hackers Leak Explicit Photos of More Than 100 Celebrities

Jennifer Lawrence and Kate Upton among the victims of hacking from a cloud-based data storage network


Jennifer Lawrence, Selena Gomez and Kirsten Dunst were among an estimated 100 celebrities alleged to have private and explicit photos leaked online Sunday, after hackers apparently accessed their cellphones through a cloud-based storage network.

The photographs originally turned up on the website 4chan, where hackers claimed to have infiltrated the phones of more than 100 celebrities and promised to leak more images in the future.

The pictures were reportedly stolen from a cloud-based data storage network. Some posters claimed it was Apple’s iCloud system that was hacked, Mashable reports, though the company has not confirmed those rumors.

A spokesperson for Lawrence acknowledged the authenticity of the images, calling it a “flagrant violation of privacy” and vowing to prosecute anyone who shared the images online. “The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” the spokesperson said in a statement, People Magazine reports.

Actress Mary Elizabeth Winstead lambasted both the people who posted and viewed the images, which she said were taken in the privacy of her home with her husband.

Nickelodeon star Victoria Justice denied the authenticity of the images, accusing hackers of doctoring images.

McKayla Maroney, the teenage gymnast who won Olympic gold medals in the team and vault competitions in 2012, also tweeted that images of her were faked. Like Winstead, she had a message for the hackers:

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser

Get every new post delivered to your Inbox.

Join 46,499 other followers