A consumer cloud account holds a decade of photographs, scanned documents, backup of every device the principal has owned, and, increasingly, conversations the principal has had with their phone. A breach of the account is a breach of the principal's life as documented. The account is usually secured to a consumer standard.
The breach pattern is usually credential reuse: the principal used the same password on the cloud account that they used on an unrelated service that was itself breached. The cloud account is then accessed using credentials that the principal had not thought of in years.
The account holds more than the principal generally remembers. Old passport scans uploaded for a long-forgotten visa application. Financial documents shared with an accountant. Photographs from years ago that included details (room interiors, paperwork on desks, family members) that the principal would not have chosen to publish.
The work is to know what is in the account, to migrate the most sensitive of it to storage that is held to a different standard, and to harden the account itself with two-factor that depends on a hardware key rather than a phone number.
·
It is worth knowing what is currently visible. The rest follows from that.
More from the desk
The medical record and the clinic that holds it
The personal protection detail and the published detail
The phishing that knows your name and your bank
How a SIM swap works, and what it takes from you
The public company board seat and the disclosure it creates
The business of finding things out, and the customers it serves