Numerous celebrities from South Korea have reportedly been blackmailed after they've gotten their Samsung Cloud personal data hacked, according to a recent report from the local media. More than 10 extortion cases involving actors, K-pop stars and famous chefs have been confirmed by the authorities.
This security issue is not related to the exaggerated reports of Samsung sending your personal files to China (which it doesn't), nor is the result of a phishing scam, at least according to a Korean hacker interviewed by Nate. Instead, the problem seems to be caused primarily by a lack of cautiousness from Samsung Cloud users who have reused their passwords and haven't enabled two-factor authentication (2FA).
Samsung is following in Apple's footsteps when it shouldn't
Interestingly enough, these recent events look similar to the incident suffered by Apple and its user base back in 2014, when private data from celebrities leaked on the web. That was before Apple made it easier for customers to enable 2FA.
Samsung accounts can actually be protected by 2FA, but the activation process is not very intuitive. Users have to open the Settings app, navigate to Accounts and backup, then Accounts, then they need to select their Samsung account, tap Password and security, and finally switch the Two-step verification toggle ON.
Enabling 2FA would make it more difficult for hackers to access an account even if its password has been compromised. And although it's easy to say that lack of prudence is at fault here, Samsung shares some blame as well because it makes 2FA authentication unnecessarily obscure.
If you're using Samsung Cloud – or perhaps One Drive now that Microsoft's solution is set to replace it – and you wish to alleviate your fears of getting hacked, make sure you don't reuse your password, and consider enabling 2FA for your Samsung account. Assuming that there's no actual security loophole in Samsung's cloud systems, the company will hopefully address this issue in a similar way to Apple and make it easier for users to enable 2FA.