Originally posted by vonBaloney No offense was intended. It is not about the value you place on it, it is about the probability that some hacker will place value on it. (Which is why I made exceptions for celebrities and salaciousness.) ANYTHING (bad) has some chance of happening, so you can burden yourself with fears of EVERYTHING if you want, but it is not terribly productive. The scenario you describe is just so unlikely as to be unworthy of concern, that's all. It is like if you said to me that you never go outside because you might get hit by lightning. And then I say that's silly, and you say, "Well, maybe you don't value your life..."
Speaking from the standpoint of someone who has had to deal with actual hackers hacking actual servers and stealing actual data which was converted into actual money -- the only way any hacker is going to give the lightest rip about a photo you took is if it's particularly illegal pornography that they could sell, or something they could use to blackmail someone with money, or humiliate someone famous. And they'd need to know it was there in the first place, or they wouldn't bother. It's a much better time investment to penetrate weakly defended financial and personal data. You can make large amounts of money that way.
Possible exception: If the hacker in question knows you and you pissed him off. And if that happened, he'd be far more likely to go after your home machine than your backup storage. For that matter, even a hacker who *doesn't* know you is likely to have some automated processes that try to hack your home machine, and any others they can find, but only to use to help them hack businesses (and maybe to capture any credit card data you enter into web forms).
Von Baloney is right on the money with his analogy. It's a nonexistent risk compared to the risk of simply having your photos stored on device at home that's connected to the internet.
---------- Post added 11-11-14 at 03:06 PM ----------
Originally posted by vonBaloney In order to access my cloud drive, all I need is my email address and my normal Amazon password, so that's not terribly secure.
And all you need to transfer money out of your bank account is your username and bank password. (and maybe a challenge question answer. Or if your bank has really good security, an RSA token that changes every few seconds). That doesn't mean that a bank has bad security. It does mean that for a specific user's data, the weakest point is that user's ability to access said data. (And this is why you should use good passwords, a non-obvious username, and pick challenge questions only you'd know the answer to, or better yet, pick challenge questions anyone might guess or know, but store incorrect answers to them (what color was your first car? 1957. Who was your favorite teacher in high school? motorcycles. What is your favorite movie? [my last name] (side note: on the first iteration of our in-house online banking back in the early 2000s, our challenge questions were stored in plain text, and our support staff used them as one of the tools to validate customer identities. We changed that after a few too many embarrassing moments. My favorite was the customer who could remember his answer to "my favorite movie".. but couldn't remember just how many exclamation marks he used after the word "PORNOS!!!" -- it was something like 15. )
Sorry if this is too technical:
If were a hacker, and was able to compromise the online banking database at the bank I used to work for, I'd have access to a long list of preference settings, and maybe email addresses or usernames. I forget if those were encrypted. I'd also have a long list of encrypted data that could, with the proper code, be decrypted, to get things like your mailing address and (if they weren't in the clear) email address and username. There'd also be a long list of hashed (that is, 1-way encrypted) data, which could only be decrypted if someone were to take the encryption code, build a list of every possible encrypted string, and then compare each hashed value with that very, very large list. (And smart coders use a different salt for each value, so they'd have to create that massive list for every single password, not for the whole customer list). The most likely thing that would happen here is the hacker would say "Oh, screw that" and go plunder a poorly protected eCommerce site (happens all the time, and few of them ever bother reporting it to the press, assuming they even find out it happened in the first place), or if he had a particular goal in mind at the bank (say, stealing a boatload of money from a specific customer), compromising the customer's actual computer, or using social engineering to get access (for example, convincing someone at the bank to change the registered email address, reset challenge questions, and smooth over whatever other roadblocks were in the way of logging into the account because they think they're helping the very nice but technically challenged customer.)
Wow, was that off-topic. Sorry. I can't concentrate on work today, but everything else is getting my full attention and way too much detail!