Several A-list celebrities in South Korea have been extorted for hundreds of thousands of dollars

The cause could be a Samsung Galaxy phone or an unidentified security hole in the company's cloud service Or it could be that celebrities are reusing account passwords that were compromised through other means

According to the Korean website Natecom, K-pop stars, actors, and even famous chefs have been asked for sums ranging from 50 million won (about $43,000) up to 1 billion won (about $862,000) If they do not comply, the extortionists threaten to release compromising chat threads, photos, and videos

So far, "more than 10 extortion cases" have been identified and confirmed by authorities In one case, unidentified blackmailers released a private conversation with famous Korean actor Cho Jin-mo after he refused to pay

Other stars have also reportedly paid ransom after extortionists proved they had compromising material Korean celebrities are extremely vulnerable to disgrace and public humiliation

The extortionists - described by Natecom as "hackers" but it is not yet clear how they obtained the private material - also contacted the celebrity's friends and family, warning them of what would happen if the celebrity did not comply with their demands

The issue may involve Samsung Cloud, which backs up personal data and device settings on Samsung Galaxy phones and tablets to Samsung's servers, allowing users to quickly migrate to new Galaxy phones

Natecom contacted an unidentified person who claimed to be one of the people who may have stolen data from a celebrity's Samsung Cloud account The "hacker" appeared to be a non-native Korean speaker and implied that he was downloading data from the Samsung Cloud account to a new phone

It is unclear how the "hacker" gained access to the Samsung Cloud account, but if the targeted celebrity did not have two-factor authentication (2FA) enabled on his Samsung account, all he needed to transfer his Samsung Cloud data to his new phone was would have been only a username/email address and password

If the credentials of another account of the targeted celebrity were part of a larger data breach, an attacker could attempt to use those credentials to access the celebrity's cloud account If the celebrity reuses passwords and does not have 2FA enabled, the attacker would likely succeed

Natecom experimented with this method and was able to transfer a user's Samsung Cloud backup to a new phone with just a username and password

This apparent situation is similar to the incident Apple faced in 2014, when private images and videos of several celebrities were leaked onto the Internet, presumably from Apple's iCloud service This incident, dubbed "The Fappening" due to online notoriety, made it easier for Apple to use 2FA

Samsung has not yet taken that step -- we could not find any instructions on how to enable 2FA on a Samsung account However, we could not find a way to enable 2FA on a Samsung account