News broke this weekend of celebrities having their private pictures stolen from their cloud (ie. online storage) accounts.  To read the headlines on traditional media sites you would be right to think that The Cloud was hacked and that Apple was The Cloud.

First a bit of a primer as to what The Cloud is.  Basically the internet is the cloud.  If it's online, its in the cloud.  No one invented the cloud, per se, but instead the term came into popularity a few years ago as online storage became more accessible to everyone.  Today the term The Cloud has come to mean online storage.  Today the main players are Microsoft (OneDrive), Google (Google Drive), and Apple (iCloud).  Dropbox was at the forefront of online storage but as of late they have been left behind by the Big Three. People can use their PC's, Tablets or Smartphones to sync all their data to the cloud for easy access to their files or to share with their friends/coworkers.

It was not the entire cloud that was hacked this past weekend.  If you use Google Drive, OneDrive, DropBox you are all safe.  Even if you have an iCloud account you could still be safe.  Those that were hacked were those with an iPhone and an iCloud account*.  The hackers did not hack iCloud accounts directly but instead used a previously unknown security hole (referred to as Zero Day) in Apple's Find My Phone service.  The hackers used a 'brute-force' attacked which is where they keep trying different passwords until they get one that's right.  Normally a website will shut you down after you make a few wrong guesses (I'm sure many of you have experienced this when you've forgotten a password).  Apple's Find My Phone flaw was that there was no limit as to how many times you guess a password.  Once they came across the proper password on the Find My Phone website they could then log into the person's iCloud account.  Apple quickly issued a fix and this can no longer be done.

In my opinion the cloud is safe.  I use it and I have no worries.  I'm not saying that the cloud, no matter what service you use, is 100% safe but neither is anything you are using now.  Even if you don't use a cloud service you computer could potentially still be hacked (I have a few clients who have had this done to them) or your house could be broken into.  Nothing is 100% safe.

To stay safe the key is always the same - make your account as secure as possible.  With something as important as your cloud account or your email address you need to make the password a really good one (no more birthdays, names or your pets, your address, phone number or any other easily guessed passwords).  Also use two-step verification.  By turning this on you have to use your normal log-in information, plus a code that is sent to your cell phone via text message or even a call to your home phone with a computer reading a number to you.  The big three providers all have this feature and I encourage everyone to use it (even though this would not have worked in the hack over the weekend because Apple's Find My Phone service didn't even use two-step verification).  To make things easier for you, here is a list of links to set up your own two-step verification:

Microsoft - http://windows.microsoft.com/en-ca/windows/two-step-verification-faq

Google - http://www.google.ca/landing/2step/

Apple - http://support.apple.com/kb/ht5570