Failure to Protect Samsung Cloud Accounts Has Allowed Hackers to Blackmail K-Pop Stars

Hackers Blackmail Korean Celebrities After Hacking Their Samsung Cloud Accounts

For years now, we have had services like iCloud and Samsung Cloud, which help us back up all our photos, videos, texts, and contacts to the cloud and restore them on another device with a few taps of the screen. Many people (especially the ones who change their phones often) would say that these platforms are a godsend. Some Korean celebrities, however, would probably beg to differ.

Cybercriminals are trying to extort money from Korean celebrities

Last week, South Korean news website Nate.com reported that some of the best-known stars in the Far East country had fallen victims to a cyberattack. Criminals had contacted K-pop artists, actors, and chefs to inform them that their private photos, videos, messages, and contact details had been compromised. The victims received samples of the data, which proved that the breach was real and were told that if they don't pay a ransom, all the information would be leaked to the whole world. Authorities have apparently identified at least ten cases, with the ransom demands ranging from 50 million South Korean won (just over $43 thousand) to 1 billion South Korean won ($865 thousand).

In some cases, the hackers would also get in touch with people from the victim's contact list in order to put the celebrity under even more pressure. This tactic has worked, and some of the stars have reportedly paid the ransom to keep their data away from public view.

Not all of them yield that easily, though. Actor Joo Jin-mo, for example, chose to ignore the criminals' demands, and he faced the consequences. After their attempts to extort money from Jin-mo failed, the crooks leaked some SMS exchanges between him and a fellow actor.

The leak was quickly traced to Samsung Cloud

It was discovered that all of the targeted celebrities used Samsung phones, and it immediately became clear that the data could have only been taken from their Samsung Cloud accounts. Although the information was stolen from Samsung Cloud, the South Korean technology giant has not reported a breach of its service, which means that most likely, the criminals compromised the victims' accounts by guessing their passwords.

It's still unknown whether the hackers used a credential stuffing attack or whether they brute-forced their way in. Whatever the case, however, the fact that the information was leaked in the first place shows that the celebrities' password hygiene was less than perfect.

Even so, a single toggle switch buried deep inside Samsung's account settings would have prevented the attack. The toggle switch in question turns on Samsung's Two-step verification, and users can find it by opening the Settings app, tapping Accounts and backup > Accounts, and then selecting their profile. The Two-step verification toggle is in the Password and security section.

More commonly known as two-factor authentication, two-step verification is the simplest form of protection against unauthorized access. To be fair, in the case of Samsung Cloud, finding the switch that enables it is not as easy as it should be, but the leaks should teach both celebrities and regular users that taking the time to properly secure your accounts is definitely worth it.

A Korean Celebgate

Some of you might be having a déjà vu moment right now, and that's because back in 2014, quite a few celebrities in the western world found themselves in a similar situation. Dubbed Celebgate, the attack targeted Apple's iCloud rather than Samsung Cloud, and there were no reports of criminals trying to blackmail their victims. Other than that, the story was pretty much identical – film and music stars had failed to protect their accounts properly, and as a result, they had their private lives exposed.

In the wake of Celebgate, Apple moved the button that enables the two-factor authentication feature to a more prominent place. Hopefully, Samsung will do the same, and hopefully, celebrities not just in South Korea but all over the world will ensure that it's clicked.

January 13, 2020

Leave a Reply