DON GONYEA, HOST:
The the recent exposure of nude photos of celebrities taken from their Apple iCloud accounts is very different in some ways from many of the other hackings we've heard about lately. When hackers steal credit cards, like that major breach last year at Target, the expense can be absorbed by the retailers and banks. Credit cards can be canceled to contain the damage. But in this case involving Apple, just about all of the impact falls on the phone and photos' owners - like actress Jennifer Lawrence. Simply put, you can't take back the images once they're out there. Joining us now is NPR's Aarti Shahani. Good morning.
AARTI SHAHANI, BYLINE: Good morning.
GONYEA: So obviously, we need to say that these celebrities were victimized by the hackers. Their private photos were stolen. But is there a larger lesson here - simply that nothing is private in the Cloud?
SHAHANI: I mean, that's one lesson, and some people are saying don't trust the cloud. But it's also kind of unrealistic given how much people like to view and upload their data from anywhere. But there is a way to have convenience as well as a lot more security. So if you take this analogy - when you've got family jewels and you put them in a bank vault, it takes more than one key to get in; there's your key and the bank's and then some ID checks.
So when you're putting more and more piles of valuable data into online vaults - like pictures and financial information - there should be more keys to protect that data. And a lot of people say more keys and a better lockout procedure would have prevented the Apple hack.
GONYEA: OK, we keep calling this a hack. But in fact, Apple denies that any breach has actually happened.
SHAHANI: That's right. Apple put out a statement that was very carefully worded and, you know, many would say intentionally vague. And Apple said that according to the cases they've investigated, hackers didn't breach iCloud or find my iPhone. But it's entirely possible that another computer program that talks to iCloud, for example, was breached. So hackers could get the data they wanted that way. And NPR asked Apple about this possibility. The company hasn't decided it or ruled it out publicly yet.
GONYEA: And if you don't want sensitive stuff on Apple or Google servers, does deleting it from your phone mean it won't go to the cloud? Say you've got a naked selfie on your smartphone, can that ever really be private?
SHAHANI: (Laughter) No. Listen, there is no such thing as a completely private naked selfie. On a smartphone, it's basically a myth. A user has to take explicit steps to disable what's called automated backups. Otherwise Apple and Google are copying every picture to their servers, and it's really common in these phone-related breaches for the hackers to target those backups. One expert I interviewed wants tech companies to create a new feature. So say I click delete on my phone, I should be offered the option to permanently delete the file from everywhere - from backup, from temporary folders - so that I know it's really deleted. And he says as customers, we have a right to this.
GONYEA: I mean, I guess the ultimate question is, has Apple really done enough to protect its customers?
SHAHANI: Well, I mean, there is a way to protect an account through a process that's called two-factor authentication. So basically you have a password that you use to get into your account, and then separately you might have to reply to a text message on your smartphone to confirm it's really you. So this two-factor process is something that Apple has introduced into iCloud. They could do a more thorough push to make sure that people, especially, you know, high-target people like celebrities are using it. And probably now the word is out that people have to use stronger processes.
GONYEA: All right, that's NPR's Aarti Shahani in San Francisco. Thanks for joining us.
SHAHANI: Thank you.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.