Many tabloid magazines have sections called, "Celebrities - They're Just Like Us," to show us just how normal celebrities are. They share photos of them ordering Starbucks, gassing up their cars and walking barefoot down the beach. They show us famous Hollywood beauties without an ounce of makeup.
What they don't usually show us, however, is that celebrities really are just like us when it comes to online security. They're vulnerable to the same online scams, and some might say they that they have more to lose in the event they get hacked.
That's what happened to 130 celebrities that were targeted by a 23-year-old hacker from the Bahamas named Alonzo Knowles. The hack was discovered when Knowles reached out to a popular radio show host in New York, offering to sell movie scripts from an unaired show. At first, the radio host thought it was a prank, but then Knowles provided screenshots of scripts from the first 6 episodes.
After discovering that Knowles truly did have access to this information, the radio host reached out to the authorities. He filed a complaint, and worked with the police to connect Knowles with an undercover agent who pretended to be interested in buying the scripts. The sale price was set at $80,000, and arrangements were made for Knowles to fly in to the U.S. for the transaction.
When Knowles arrived in the states, the sting operation was conducted and he was arrested immediately after accepting the payout.
Further interrogation of the suspect led to the discovery of the full extent of the hack. Knowles claimed to have access to the personal information of at least 130 celebrities, as well as private scripts, photos and even sex tapes. For some, he had their Social Security numbers, driver's license information and details on their passports.
To gain access to this information, Knowles claimed to have researched the targeted celebrities in order to guess their answers to login security questions. He said it was more challenging to get the information of higher-profile celebrities, so he began targeting their friends instead, which he found through social media posts and shared photos. Once he had access to their friends accounts, finding an "in" for the celebrity's account became easier.
Once Knowles had access to the celebrities' phone number and email, he began sending out fake text messages that claimed their accounts had been compromised. To resolve the issue, he provided instructions that they should respond to the text message with their passwords. And, apparently, many of them did. Then armed with their passwords, Knowles simply logged into their accounts and changed the answers to their security questions, turned off their account alerts, and in some cases installed malware.
Most of the celebrities were unaware that their accounts had been compromised, and were only identified by the names on the stolen scripts.
As a consequence for his actions, Knowles has been detained in the U.S. and is facing charges.