Multiple A-list South Korean celebrities are being extorted out of hundreds of thousands of dollars.
The reason could be an unidentified security hole in Samsung Galaxy phones or the company’s cloud service. Alternatively, it could be that the celebrities are reusing account passwords that have been compromised by other means.
According to the South Korean site Nate.com, K-pop stars, actors, and even famous chefs are being extorted for sums ranging from 50 million won ($43,000) up to 1 billion won ($862,000). If they don’t comply, the extortionists threaten to release compromising chat threads, pictures, and videos.
So far, "more than 10 extortion cases" have been identified and confirmed by the authorities. In one case, the unidentified extortionists published private conversations involving famous South Korean actor Jo Jin-mo after Jo declined to pay them.
Other stars have reportedly paid ransoms after the extortionists proved they had compromising material. South Korean celebrities are highly susceptible to disgrace and public embarrassment.
The extortionists -- described as "hackers" by Nate.com, although it's not yet clear how the private material was obtained -- also contacted friends and family of the celebrities, warning them about what would happen if a celebrity didn’t comply with their demands.
Would 2FA prevent this?
The issue may involve Samsung Cloud, which backs up personal data and device settings from Samsung Galaxy phones and tablets to Samsung's servers so that users can quickly transfer to new Galaxy phones.
Nate.com corresponded with an unidentified individual who claimed to be among the people apparently stealing data from celebrities' Samsung Cloud accounts. The "hacker," who did not seem to be a native speaker of Korean, implied that they were downloading the data on Samsung Cloud accounts to new phones.
It's not clear how the "hacker" would have gotten access to Samsung Cloud accounts, but if the targeted celebrities had not activated two-factor authentication (2FA) on their Samsung accounts, then only the username/email address and password would have been required to transfer the Samsung Cloud data to a new phone.
If a targeted celebrity's credentials for another account were part of a large data breach, then an attacker could try those credentials to access the celebrity's cloud accounts. If the celebrity reused passwords and did not have 2FA enabled, then the attacker would probably succeed.
Nate.com experimented with this method and was able to transfer a user's Samsung Cloud backups to a new phone with only the username and password.
This apparent situation is similar to what Apple faced in 2014, when multiple celebrities’ private images and videos leaked onto the internet, apparently taken from Apple's iCloud service. The incidents, dubbed "The Fappening" by online snarks, prompted Apple to make enabling 2FA easier.
Samsung has yet to take that step -- we couldn't find any instructions on how to enable 2FA on a Samsung account, although it is certainly possible. Here's a YouTube video showing how.