A former high school teacher is to plead guilty to hacking into the online accounts of celebrities and stealing naked photographs and other private information.

30-year-old Christopher Brannan, who taught at Lee-Davis High School in Hanover County, Virginia, was charged back in April with identity theft and unauthorised access to computer systems.

The attacks occurred between August 2013 and October 2014, and saw Brannan hack into accounts on Yahoo, Apple iCloud, and Facebook after guessing answers to celebrities’ security questions using information gleaned from stars’ social media accounts. Brannan also admitted that he had phished passwords by sending fraudulent emails that posed as messages from Apple’s security team.

According to court documents, Brannan also admitted breaking into, or attempting to hack, the accounts of current and former teachers and students at the high school.

The names of the celebrities who were targeted by Brannan are not likely to be officially released in an attempt to protect their privacy. It must be bad enough for a woman to have her naked photos appear unexpectedly on the internet, without giving gossip magazines and websites another excuse to publish pixelated screencaps of the stolen snaps in reports about the perpetrator’s guilty plea.

What strikes me about this case is that Brannan’s techniques were not that sophisticated. He guessed the answers to his victims’ security questions by perusing their posts on social media, and phished passwords by posing as Apple’s security team.

Both of these threats are easy to counter if you know how:

When choosing the answer to a security question on a website account, *never* tell the truth when asked the name of your best childhood friend, favourite holiday destination, or place where you met your partner. Instead, use a decent password manager to generate a random sequence of characters (just as you would with a password) and use *that* as the answer to your security question. Of course, you won’t be able to remember that security answer – so get your password manager to remember it for you.

Enable two-factor authentication (2FA) for your online accounts wherever possible. That way, it will be much, much harder for an unauthorised person to access your online account even if they do manage to phish your password from you. I’ve included a helpful list of directions on how to set up 2FA on many online services below.

Christopher Brannan isn’t the last person who will try to break into someone’s accounts for cheap thrills. Make sure you’ve done everything you can to harden your online presence to help keep hackers out.

Read more about two-step verification:

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.