21 Worst Celebrity Hacks Ever
In the age of the internet, celebrity hacks seem almost commonplace. Whether it's a batch of nude photos of Jennifer Lawrence or Scarlett Johansson, or it's private emails taken from the inbox of Sarah Palin, we've come to expect frequent swarms of stolen internet goods.
But the art of breaking into digital accounts dates back much further than you'd think. The Trojan horse, social engineering and other methods of getting into a phone, network, account or computer seem to go back to the days of, well, the original Trojan horse. And yet with each new hack, a new scandal ensues.
Here is our comprehensive list of the most memorable celebrity hacks. Learn from these security nightmares as best you can.
Photo: Jason Merritt/Getty Images
Kate Upton, Jennifer Lawrence and 50 More Celeb Nudes (2014)
There were few things grosser than the flood of celebrity nude images in August 2014 that came to be known as "The Fappening," a name with dubious connotations. Among the most famous victims were Jennifer Lawrence, Kate Upton and Kirsten Dunst, whose nude photos were widely leaked onto 4chan, Reddit and eventually into mainstream media. Dozens more women (and a couple of men) were also involved, not all of whom confirmed the images were of them.
Ryan Collins, one of two masterminds responsible for breaking into the Apple accounts of about 100 people (mostly female celebrities), was sentenced to 18 months in prison in October 2016. Hopefully, Collins' apprehension will prevent others from seeking out celebrity nudes.
How to Avoid This: Enable two-factor authentication on your iCloud account.
Photo: Donald Bowers/Getty Images
Scarlett Johansson (2011)
In 2011, a few nude photos of actress Scarlett Johansson — which she said were meant for then-husband Ryan Reynolds — were leaked to the internet. Investigators quickly traced the leak to Chris Chaney, a 35-year-old hacker from Jacksonville, Florida, who later went to prison for 10 years for illegally accessing the email accounts of more than 50 people in the entertainment industry.
How to Avoid: Set up two-factor authentication on all your email accounts.
Photo: Kevin Winter/Getty Images
Leslie Jones (2016)
Actress and Saturday Night Live star Leslie Jones had her personal website hacked into in August 2016, resulting in the theft and public release of her driver's license, her passport and some nude photos. A month earlier, after the release of the Ghostbusters remake, Jones had become a target for racist online harassment, particularly via Twitter.
The abuse became so overwhelming that Jones temporarily quit using social media. As a result, Twitter permanently banned Milo Yiannopoulos, a provocative writer whose Twitter followers had been particularly brutal in harassing Jones. Jones later came back online, tweeting in September, "I ALWAYS GET BACK UP!"
How to Avoid: Unknown. It's not clear how Jones' website was broken into.
Photo: Alberto E. Rodriguez/Getty Images
Paris Hilton (2005)
One of the first major hacks that violated a female celebrity's privacy was committed by a group of sneaky teen hackers. In 2005, young heiress Paris Hilton's T-Mobile account was broken into using "social engineering" — tricking people into breaching security protocols or turning over confidential information. In the case of The Simple Life reality star, this involved a simple phone call. The kids reportedly manipulated a T-Mobile employee into giving them access to a site that listed customer telephone numbers.
Because the hackers had already learned how to reset the password on any T-Mobile account if they knew the phone number, they locked Hilton out of her phone and T-Mobile account and accessed all of her texts, video and photos — including several nude images. They also took a break to prank-call actor Laurence Fishburne (of The Matrix fame) because, you know, why not?
How to Avoid: You can't. Dumb employees will always make dumb mistakes.
Photo: Michael Dodge/Getty Images
Miley Cyrus (2007)
Miley Cyrus' MySpace and Google accounts were broken into by teenage hacker Josh Holly, who tricked a MySpace employee into granting access to a list of account passwords. Holly found that Cyrus' MySpace password also worked for her Gmail account, in which he found provocative photos she had sent to Nick Jonas.
Holly put the photos online and bragged about never getting caught — which led to the FBI raiding his home. (In 2011, he pleaded guilty to credit-card fraud and breaking into other MySpace accounts.) Good thing we all collectively deleted any provocative duckface selfies and embarrassing "im bored rawr XD" status updates years ago...right?
How to Avoid: Set up two-factor authentication on your Google account. Delete your MySpace account.
Photo: Frazer Harrison/Getty Images
Sarah Palin (2008)
In September 2008, then-Alaska governor and vice presidential candidate Sarah Palin's Yahoo account was broken into when a 20-year-old man found that Palin had made her own birth date the answer to a password-reset question. The man, who later went to prison for the break-in, posted screenshots of Palin's emails to WikiLeaks. The hack revealed Palin's family photos and evidence that she may have used her personal email account to conduct official business.
How to Avoid: Make up weird answers to password-reset "security questions" that no one else can learn or guess.
Photo: Alex Wong/Getty Images
Lady Gaga, Justin Timberlake, Kelly Clarkson, Ke$ha (2010)
Back in 2010, a German teenager and a 23-year-old accomplice allegedly hacked into computers owned by Lady Gaga, Justin Timberlake, Kelly Clarkson and Ke$ha, using malware to steal the artists' unfinished songs. The hackers then sold the songs online for more than $10,000. But rather than remain silent or brag about the feat, the teenager penned a strangely sweet and very remorseful apology to a German paper, explaining that he "never thought it would go so far."
How to Avoid: Use antivirus software to stop malware, even if you're on a Mac.
Photo: Scott Gries/Getty Images
Ashton Kutcher (2011)
Whoever hacked into Ashton Kutcher's Twitter account in 2011 didn't seem to be interested in compromising the actor himself. He or she really seemed to want to draw attention to Twitter's security problems. A tweet from Kutcher's account read: "Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?"
The message was a demand for SSL, or Secure Sockets Layer, a security feature that was not then standard on Twitter. Kutcher's Twitter account was reportedly hijacked again in 2012 with a tweet referencing a romantic encounter, at a time when rumors about Kutcher's relationship with screenwriter Lorene Scafaria were swirling around the web. (Kutcher was still married to Demi Moore and had begun a relationship with current wife Mila Kunis.)
How to Avoid: Use a strong password for your Twitter account, and set up two-factor authentication.
Photo: Jason Merritt/Getty Images
Michelle Obama, Beyoncé, Jay-Z, Kim Kardashian and dozens more (2013)
A group of Russian hackers "doxxed" dozens of famous people by posting a slew of credit reports online in early 2013, divulging bank-account numbers, mortgage information and credit-card details. According to the stolen data, Michelle Obama had both Gap and Banana Republic credit cards, and Jay-Z owed a lot of money to American Express. The idea that Michelle Obama has the same average-person Gap credit card as you is pretty cool.
How to Avoid: You can't, other than by subjecting yourself to a permanent credit freeze. The documents were obtained legally and then misused.
Photo: Mike Coppola/Getty Images
Madonna (2014)
The Internet really bummed out Madonna in December 2014. The singer was pushed to release her 2015 album, "Rebel Heart," four months ahead of schedule after tracks were leaked online, compromising the album as a whole. Madonna's manager, Guy Oseary, took to Twitter to ask fans for help in apprehending the hacker (although it's possible the theft was an inside job). Madonna herself said that the leaked tracks were "unfinished demos," and thanked fans who remained loyal by not listening to the tracks.
How to Avoid: Not clear. The leaker could have worked at the recording studio or record company.
Photo: Kevin Winter/Getty Images
Angelina Jolie (2014)
During the early stages of planning for two feature films (a Steve Jobs biopic, which was made, and an adaptation of Cleopatra, which wasn't) Angelina Jolie became the subject of some petty work gossip — not unlike what probably happens in your own office. This round, however, was between two Hollywood bigwigs.
In early 2014, heavy-hitting movie producer Scott Rudin sent a strongly worded email to Amy Pascal, head of Sony motion pictures, that made it very clear that he was not an Angie fan by calling Jolie a "minimally talented spoiled brat." The exchange was revealed later that year when Sony Pictures Entertainment was attacked by North Korean hackers and the company's email archives were posted online. But hold the drama — while Hollywood waited for the typical celebrity beef to unfold, Jolie told the New York Times that it didn't really faze her.
How to Avoid: You can't control what other people say about you.
Photo: Jason Merritt/Getty Images
Sienna Miller (2014)
It's hard to mention phone hacking without mentioning the lawsuits against the News of the World, a London tabloid that is now defunct, whose employees broke into the voicemail accounts of, well, almost every prominent person in Britain.
It's a complicated, high-profile case, and the targets ran the gamut from members of the British royal family to victims of the 2005 London bombings, but several Hollywood stars got the spotlight on their voicemail messages. They included actress Sienna Miller, who in 2005 was in a relationship with actor Jude Law. Miller was accused of having had an affair with Daniel Craig (aka James Bond) after her voicemail messages were revealed nine years later. Other phone-hack victims included Hugh Grant, Charlotte Church and J.K. Rowling.
How to Avoid: It's hard to do so when most voicemail accounts can be accessed with a four-digit PIN.
Photo: Justin Sullivan/Getty Images
MORE: Best Smartphones
Bjork (2015)
Madonna isn't the only singer disenchanted with the internet's handling of album releases. When Bjork's 2015 album, "Vulnicura," was leaked online two months too early, the Icelandic singer made a last-minute decision to release the album in its entirety on iTunes as a response.
That put Bjork's record label, One Little Indian, in a tough spot, due to its original agreement to offer the album exclusively on Amazon. Although Amazon cooperated and sold the album to iTunes, Bjork's label still had to deal with the repercussions of releasing an album too early, such as a drop in expected sales.
How to Avoid: As with Madonna's case, this could have been leaked by anyone on the inside.
Photo: Karl Walter/Getty Images
MORE: 18 Best Music Apps
Britney Spears (twice in 2009)
In the early days of Twitter, account takeovers were just as novel as the platform itself. Maybe that's why Britney Spears, then listed as a "Top 10" Twitter user, had her account easily hijacked twice in one year. One tweet, from Nov. 12, 2009, read: "I give myself to Lucifer every day for it to arrive as quickly as possible. Glory to Satan!" That was followed by a similarly dark sentiment: "i hope that the new world order will arrive as soon as possible! -Britney." The hacker changed Britney's background to Illuminati-themed wallpaper, just in case you missed the message.
How to Avoid: Choose a strong Twitter password and enable two-factor authentication.
Photo: Jason Kempin/Getty Images
David and Victoria Beckham (2005)
Celebrity couples deal with vicious rumors all the time — it's all a part of the game. Soccer superstar David Beckham and his wife Victoria Beckham, aka Posh Spice, were both targeted in 2005 when News of the World reported that Beckham was having an affair with his then-assistant, Rebecca Loos. The story went on to win "Scoop of the Year" at the British Press Awards, and led to the Beckhams' suspicions that their cellphone voicemail accounts had been compromised.
In 2011, Beckham and a slew of other celebrity phone-hacking victims sued the newspaper's parent company, and while Beckham never formally testified, the case resulted in a police investigation and the eventual shutdown of the News of the World.
How to Avoid: It's hard to do so when most voicemail accounts can be accessed with a four-digit PIN.
Photo: Kevin Winter/Getty Images
MORE: 10 Best Soccer Apps
Carla Bruni (2011)
The mere promise of celebrity nude photos became a high-value tool for foreign espionage, all at the expense of then-French first lady, actress and singer Carla Bruni. During a Group of 20 economic summit in Paris in 2011, Chinese spies baited senior foreign officials with the subject line, "French First Lady nude photos!" This prompted nearly every recipient to open an attachment that, perhaps to some recipients' dismay, contained malware rather than risqué photos.
How to Avoid: Don't click on unsolicited email attachments.
Photo: Getty Images
Kendall Jenner, Harry Styles (2016)
When the One Direction frontman and the Kardashian sibling went to St. Bart's for the 2015 Christmas holidays, little did they know their vacation photos would soon end up online. Yet that's exactly what happened a few months later, when an enterprising One Direction fan broke into the iCloud account of Anne Cox, Harry's mother, and posted the snaps online. There wasn't anything terribly risqué about the images — after all, these are the pictures Harry wanted his mother to see — but it was a serious breach of privacy nonetheless.
How to Avoid: Enable two-factor authentication on your iCloud account — especially if you're closely related to a celebrity.
Photo: Ari Perilstein/Getty Images
Jack Black (2016)
Remember when the Twitter-verse thought for a split second that actor Jack Black had left this Earth? You can thank your favorite professional social network, LinkedIn. After a huge number — 117 million accounts' worth, give or take a few — of usernames and passwords were copped from LinkedIn by a team of hackers and posted online, many celebrity accounts were subject to misleading tweets in mid-2016.
A tweet from the account of Tenacious D, Black's band, abruptly led followers to believe the actor/musician had died. Among other tweetjacking victims were Rolling Stones guitarist Keith Richards, Kylie Jenner and even late Jackass star Ryan Dunn, five years after his death. Even Facebook CEO Mark Zuckerberg, who is seemingly the boss of half the internet, had his LinkedIn and Pinterest accounts compromised several weeks after the LinkedIn data leaks went public.
How to Avoid: Don't use the same password for different online accounts.
Photo: Kevork Djansezian/Getty Images
MORE: Best Password Managers
Pippa Middleton (2016)
The British royal family has had some bad luck with hackers, and Pippa Middleton, sister of the Duchess of Cambridge, wasn't exempt, despite not being a royal herself. An arrest was made this year shortly after Middleton's iCloud account was hacked and more than 3,000 private photos were stolen. Both Britain's The Sun and Daily Mail newspapers reported that a seller had contacted them under an anonymous name, offering the photos for a sum of at least $70,000.
How to Avoid: Enable two-factor authentication on your iCloud account.
Photo: Clive Brunskill/Getty Images
Charlie Sheen, the X Factor, Red Cross (2016)
A potential breach in Twitter security resulted in tons of celebrity and organization accounts — from Charlie Sheen to the accounts of the American Red Cross, Sky News and the New Yorker magazine — all tweeting out the same spam link in November 2016. Every tweet implored followers to click a link that would "get them more followers," a common refrain in spammy links. While it seems unlikely that each celeb or organization account user clicked a spam link, leading to their own hacking demise, it could be that hackers targeted Twitter as a whole, focusing efforts on high-profile users.
How to Avoid: Not clear, as this may have been an internal Twitter problem.
Photo: Kevin Winter/Getty Images
Rachel Roy (2016)
In a vicious attempt to defend the Beyhive at all costs, Beyoncé fans in the spring of 2016 were suspected of hacking an email account belonging to designer Rachel Roy after the internet theorized that she was, in fact, "Becky with the good hair," a reference Beyoncé makes to a rival for her husband's affections on the album "Lemonade."
As soon as the album was released, Beyoncé fans (and trolls alike) began endlessly commenting bee emojis on all of Roy's Instagram photos. Roy reportedly called the LAPD after discovering that her iCloud and Gmail accounts had been hacked, though the calls to police were never confirmed by sources other than TMZ. But we wouldn't put it past Queen Bey's most loyal followers to hack the account of a supposed enemy.
How to Avoid: Enable two-factor authentication on your email accounts.
Photo: Jennifer Graylock/Getty Images
