Recently, a large number of hackers were exposed for getting into private boudoir galleries and downloading images of nude models and clients directly from photographers' websites. Some of these people were using the images for personal pleasure, some as ransom to get money from the model or client, and some for many other disgusting things. I reached out to Erin from Erin Watson Photography, who was one of the targets of the group of hackers. She gave us more insight into what happened so we could see what could be done to prevent situations like this from occurring again.
About a month ago, Erin saw a huge spike in views on her Zenfolio-hosted website. A lot of the views were specific to her boudoir galleries. Concerned, she emailed Zenfolio and got a response that the only thing to do was change her passwords. She did that, and the traffic went back to normal. Maybe it was the change of passwords, or maybe they gave up because they could not actually access her galleries. Erin says she really did not think much about the spike in traffic until a few nights ago when she, along with a handful of other boudoir photographers, received a message that said the following.
“A very kind photographer just alerted me to a group of hackers trying to get into my boudoir galleries. Nothing was compromised, and I just shut everything off to be extra safe, but I just spent awhile reading the message boards of these guys, and they have hacked literally thousands of photographers' galleries. Thousands! Mostly (they got hacked) because SO MANY photographers used "boudoir" or the client's first name for the password. If you are a boudoir photographer, LOCK YOUR PHOTOS DOWN, and do so using a word that isn't obvious or easy to figure out. Also, make sure you password protect a gallery before uploading photos into it. Some of these guys follow the SmugMug and Zenfolio RSS feeds and get into the galleries while the images are being uploaded, before passwords have been added.”
The last thing anyone wants is for their client to be exposed. To get a sense of how that might feel, I asked Erin a few questions; she was kind enough to answer them and share more about what was going on.
Q. Erin, how did you initially find out about the people trying to hack boudoir galleries?
“I first saw it posted in one of the boudoir groups on Facebook, then shortly after, another photographer messaged me (as seen above). This whole thing is a mess though. I will say I’ve really been impressed by the community. I’ve gotten 4 separate messages from other photographers I didn’t know who also notified me about it.”
Q. What was your initial reaction to hearing about what was going on?
“I had mixed emotions. I’m disappointed to find out there is a community out there that is doing this and also that it took almost two years to find out that it was happening. I think it’s quite eye-opening for many photographers to realize that their clients’ images weren’t as safe as they assumed. The silver lining though is that I’m impressed by the community for reaching out to others and trying to help each other out.”
Q. Now that you know what is going on, are you doing anything new to prevent any chances of someone actually making it into your galleries compared to before?
“I already keep a close eye on the activity of my clients’ galleries, which is why I was able to stop anything from happening the first time, but I will be implementing more secure passwords and only keeping galleries open for a short time now. I have seen quite a few photographers say they are also switching to in-person sales only, which I think is a great idea as well!”
Below are some screenshots from a forum the hackers were talking through, found on BrandSmash.
BrandSmash also published 5 tips to Secure Your Photo Galleries:
- Meet in person only. Being face to face with your client is one of the most profitable sales tactics. Even if all you are doing is giving your client the digital copies, keeping them on a flash drive and hand-delivering these private boudoir images will keep them offline (on your end) and out of the hands of hackers.
- NEVER use names for passwords. The top way that the hackers were getting into the galleries was simply from guessing the passwords. If your password is the first or last name of your client, you are only making it easier for other people to access their photos.
- NEVER use password hints on a boudoir gallery. If they couldn’t figure out a topic to base their guesses on in the first place, creating a hint is only going to help them that much more. Remember, boudoir pictures are not like senior portrait sessions. They (usually) are not put in frames and sent to grandma to hang on her fridge, and most clients want to keep them private.
- Use a string of words as the password. Don’t focus on random letters and don’t focus on one-word passwords. Create a long string of words instead.
- Password protect your backup programs as well. The hackers are not only attempting to get into the gallery, they are also trying to get into Dropbox accounts, copy accounts, and other software. This is a game for them, so they keep trying until they win.
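
The password rules in the tips above, written as a check a studio could run before publishing a gallery, plus a generator for the "string of words" style of password. This is an added example, not code from BrandSmash, Zenfolio or SmugMug; the function names, the four-word minimum and the short word list are assumptions made for illustration.

```python
import re
import secrets

# Constructed demo word list (assumption). 16 words give only 4 bits per word;
# real use needs a list of several thousand words.
WORDS = ["lantern", "orbit", "maple", "quartz", "harbor", "velvet", "cinder",
         "meadow", "falcon", "ribbon", "thistle", "copper", "glacier", "pepper",
         "saddle", "walnut"]

# Genre words the article reports being guessed as gallery passwords.
GENRE_WORDS = {"boudoir"}


def _norm(text):
    """Lowercase and keep letters only, so 'Jane-2015!' compares as 'jane'."""
    return re.sub(r"[^a-z]", "", text.lower())


def audit_gallery_password(password, client_name, hint=None, min_words=4):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    core = _norm(password)
    # Ignore very short name fragments to avoid matching initials by accident.
    name_parts = [_norm(p) for p in client_name.split() if len(_norm(p)) >= 3]
    if any(part in core for part in name_parts):
        problems.append("contains client name")
    if any(word in core for word in GENRE_WORDS):
        problems.append("contains genre word")
    if hint:
        problems.append("password hint is set")
    # Counts letter runs split by separators; unseparated words count as one.
    if len(re.findall(r"[A-Za-z]+", password)) < min_words:
        problems.append("fewer than %d words" % min_words)
    return problems


def make_passphrase(n_words=5, sep="-"):
    """Build a multi-word passphrase with a CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ("boudoir", "Jane2015", make_passphrase()):
        print(pw, "->", audit_gallery_password(pw, "Jane Doe") or "ok")
```

The check only covers the patterns named in the tips; it does not replace setting the gallery password before any images are uploaded.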
Don’t allow these people the opportunity to access your clients’ personal boudoir photos. Lock down the galleries as best as possible and make sure to go the extra mile to lock your backup applications as well. If you are someone who recently took boudoir photos, make sure to pass this on to your photographer so you don’t fall victim to these hackers. Not everyone is lucky enough to have someone like Erin Watson actively watching over their galleries, able to notice out-of-the-ordinary activity and then act on it to prevent anything bad from happening.