1. Social engineering techniques: One of the most common ways that access is gained to a user’s personal data is through the use of password recovery systems. This can be as simple as acquiring a certain level of personal information, which may be more readily available on celebrities. The knowledge of your first pet’s name, or the middle school you attended, can allow unscrupulous users to reset the password to email accounts, or potentially even cloud services. Even something as simple as an easily guessed password, or the habit of using the same password for every sort of account, can be dangerous. If someone managed to acquire your account password elsewhere, they then have access to any other accounts that use that password.
2. Physical security failures: There are many common behaviors that can leave a person open to having their data accessed against their will. For example, losing a phone or a laptop, or even leaving them logged into your accounts while you leave their presence. Many people lose phones, or give them away without truly having wiped the data. Even if a user believes that a hard drive or phone storage device has been cleared personal information can still be retrieved with minimal effort through the use of software. Additionally, despite the obvious implications, many people share their passwords with others or are incautious when entering passwords in the presence of others. These are often very simple methods of accessing the personal data of others, and would never be detected after the fact. I believe that many such ‘hacks’ have been, in reality, as simple as someone looking over another person’s shoulder.
3. Irresponsible use of public WiFi: Another common method of stealing information or access from unwitting users is through the use of WiFi networks. There are two ways in which these networks can be harmful to your privacy, through vulnerabilities in your personal wireless network at home, and through accessing and using public wireless networks provided by others. Many people do not upgrade their internet routers, and some of the older ones can have their security protocol (AKA your wireless password) guessed in a few minutes by simple programs. After a hacker has acquired the password, he can often access other computers on the network or even change the settings on the router itself, to do such things as give himself access to un-encrypted traffic, which could very well be a user uploading a picture or entering a password. This use of router access to access data is also the method of attack by hackers who provide public wireless networks, which they may assign the name of a legitimate business to, in the hopes of recording someone sending a password or other personal data through their insecure connection.
Of course, although these three things account for the vast majority of illegitimate intrusions into personal data, there can be very real issues with online security. There has been speculation that Apple’s “Find My iPhone” feature may have been responsible for at least some of the access, and given that the vulnerability was patched shortly after the announcement of the leaks was made, there may be some truth to it. You can read more about the phenomenon here.