It's the story that has everything the internet loves: Apple, nudity, celebrities, technology and the continued erosion of privacy. Yes, I'm talking about the theft of naked photos of celebrities from iCloud.
You all know the story, perhaps you've seen the photos (shame on you), and we've all heard someone make the glib comment 'well, they shouldn't have naked photos on their phones', thereby somehow passing blame to the victims.
Of course, the real blame lies with whoever hacked their accounts. Apple has acknowledged that this is what happened, with those behind the attack most likely using a combination of email addresses and passwords to gain access.
Trend Micro's Rik Ferguson listed a few potential ways this could have played out, ranging from using the 'forgot password' page - with information on the celeb's likely answers easily researched online - to a simple phishing attack.
"A targeted phishing mail sent to a number of celebrities, enticing them to enter their iCloud credentials onto a fake login page would do the job just as well as any more complex hack," he said.
Ferguson, like many others (including myself), also believes the celebrities in question probably had no idea these photos were backed up and therefore still existed even after they had been deleted from their phones.
"Deleted may not always mean deleted. In this case it seems that some of the victims may have believed that deleting the photos from their phones was enough, perhaps forgetting about Apple's Photo Stream," he wrote.
It seems fair to say many people will be unaware of things like automatic cloud backup, as the cross-account storage function is a relatively new concept. However, for celebrities to be so naïve about their digital lives does surprise me.
We've all heard about celebrities being pampered and preened by an army of stylists and assistants to help them portray a perfect image to the world. Yet it seems a digital security assistant should be the next must-have accessory for the famous, and no doubt a few Hollywood starlets now wish someone in their entourage had advised them on the threat smartphones pose to their sensitive data - in this case naked photos.
There is a lesson here for businesses too. While many firms pay for regular security services such as penetration testing to assess defences, people are just as much of a problem, as I wrote last week, so this needs to be addressed as well.
Perhaps the best approach is to see top business personnel with access to the most important corporate data as celebrities (as they probably do themselves) and put regular training in place to teach them about the risks they face.
This could focus on the importance of strong passwords, on making sure that their secret questions are not easily guessed, that they're aware of phishing scams doing the rounds and that they know how cloud backup works.
No-one is going to say after such an incident 'well, you shouldn't be storing such important data', and instead serious questions will be asked about why the security in place was so poor and why training wasn't given.