Assume your pictures are public

3 SEPTEMBER 2014

Don't use an internet-connected device to take any photo you wouldn't want publicly seen, says CSU IT security expert Dr Tanveer Zia.

Don't use an internet-connected device to take any photo you wouldn't want publicly seen, says Charles Sturt University (CSU) IT security expert Dr Tanveer Zia.

Dr Zia said the publication online of a series of hacked photographs of female celebrities has underlined the need for internet users to revisit their online habits.

"When we post information online, we lose some control of it," Dr Zia said.

"In today's interconnected world, a photograph taken through a smart device may be automatically posted on a social network site if a user has activated this to happen.

"For example, with several devices (iPhone, iPad, iPod) enabled to sync with one iCloud account and having the My Photo Stream function activated, every time a user takes a photo with any of these devices it is stored in iCloud as soon as the user is connected to Wi-Fi. 

"In the wake of this latest incident, users should consider not taking any photos which they would not want publicly seen. You should not assume that a photo deleted from a device is permanently deleted, it might be sitting somewhere on its synced device or a cloud service such as iCloud or Dropbox. And you should never rely on the default security settings of a device - in this particular scenario, turn off iCloud photo syncing or automatic backup in other smart devices."

The latest series of hacked photos were posted on 4chan, an image based bulletin board, by anonymous hacker(s) who claimed that the photos are taken from celebrities' iCloud accounts.

Dr Zia, Associate Head of School at CSU's School of Computing and Mathematics, said, "Theories have emerged on various tech blogs that the hackers found a possible vulnerability in iCloud's 'Find My iPhone' service which was exploited through a brute force attack, a trial and error method".

"Apple has reported that it is 'actively investigating' the violation of several of its iCloud accounts.

"This incident leads to much broader discussion on cyber security and online privacy. How much of our data are safe when posted online? Who can access it and, if we need to remove it, how do we make sure that it is removed permanently?"

Dr Zia said it was almost impossible to create strong passwords for the dozens, if not hundreds, of online social networks or services many internet users subscribed to.

"Many innocent users fall victim to social engineering and phishing attacks where they accidentally reveal too much personal information which makes it easy for a smart hacker to guess their passwords," he said.

"This incident, and many other similar incidents, reinforces the need for two factor authentication used by many banks where a transaction is not completed unless the user enters a code sent via SMS along with their online passwords."

Media Note:

Contact CSU Media for interviews.