What's with the phone hacking? Do celebs just leave their unlocked phones (with compromising pictures) lying around?
—Julia R., via Facebook
Piñatas filled with very grown-up candy.
You'd think that after so many other phone hacking stories (Scarlett Johansson, Christina Aguilera, Miley Cyrus, Blake Lively, Mila Kunis), stars might think about changing their passwords a bit more often—or that cell phone companies might develop tighter security. Especially when, at least, in the case of Morris, you've got nekkid pictures at stake.
So who's at fault?
I spoke with several hacking experts. (Not because I'm, say, very eager to hack Chris Pine's cell. Unless there are photos from the new Star Trek, in there. Then I really, really want to hack into Chris Pine's cell.)
I was surprised to hear that, even with all the major scandals we've seen in recent years, stars likely aren't doing much more to keep their phones hacker-free.
"In most cases when photos are stolen, the thief has usually guessed a password, which enables you to download the photos and forward them off to your own site," Paul Henry, an analyst at the IT security company Lumension, tells me.
"That strategy really hasn't changed much. There've been stories recently about apps that will ask your permission and download your photos, but we haven't really heard of photos being stolen like they were in the Christina Hendricks's instance."
For the record, Hendricks had several photos stolen from her phone. And to complicate matters, at least one of those photos was doctored—a fake "topless" shot.
As for Munn, it's not quite so clear whether she was hacked at all; racy photos purporting to be her have popped up online, but she has implied that she was not hacked.
All this said, there is a chance that this fresh crop of hackings came despite careful password precautions.
"We don't know the details of the hack," says Don DeBolt, director of threat research at Internet security company Total Defense.
But, he adds, "maybe someone sent her malware in an attachment and she was tricked into installing it. I'm really curious to know the attack vector and whether she had an Android or iPhone.
"If malware was the attack vector she more than likely had an Android phone."
Hmmm. So maybe a date with Siri should be in these gals' future?
(Originally published March 6, 2012, at 3:40 p.m. PT)