21-year-old woman charged with hacking Selena Gomez

Secret password-reset questions were too easy to answer with public information.

Popstar Selena Gomez (138 million followers on Instagram, and counting…) had her account hacked last August.

It’s pretty embarrassing to have your Instagram account hacked, of course. But it’s even worse when the hacker chooses to publish nude snaps of your ex-boyfriend.

Especially if that ex goes by the name of Justin Bieber. Yeowch!!

A carefully-censored image of Selena Gomez’s Instagram account from late August 2017.

Now, a 21-year-old woman from New Jersey has been charged in connection with hacks of the email accounts of Selena Gomez and one of her associates.

According to the LA Times, Susan Atrach is believed to have broken into an Apple iCloud account and Yahoo account used by Gomez and her personal assistant.

And it’s reported that once again, a hacker is thought to have reset a celebrity’s password by using publicly-available information to answer “secret questions”.

Atrach is accused of gaining unauthorised access to the accounts several times from June 2015 through to February 2016, allegedly stealing digital content which was then posted online and shared with other people.

If convicted, Atrach could face a maximum possible sentence of nine years and eight months in a state prison.

All of us – celebrities and non-celebrities – should do all we can to prevent our private personal photographs from falling into the wrong hands.

That means:

  • Choosing a strong, hard-to-crack password for online accounts
  • Choosing a unique, different password for each account
  • Not sharing passwords with other people
  • Enabling two-step verification or two-factor authentication when available, so that hackers can't break into an account by knowing only its password
  • Not choosing easy-to-guess answers to secret “Forgot your password?” questions
  • Being aware of phishing threats, and ensuring up-to-date security software is always being run
  • Being wary of delegating access to your online accounts to others (an assistant?)

If you want to know more about securing your web email accounts be sure to listen to this edition of the Smashing Security podcast:

Smashing Security #014: 'Protecting webmail'



Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
