Apple is “actively investigating” if and how iCloud is to blame for the hacking of numerous celebrity accounts. Dozens of nude and scandalous photos were posted on the internet over the weekend featuring famous actresses like Jennifer Lawrence and Kirsten Dunst.
Though still unconfirmed at this point, many have speculated that the hack was a result of a flaw in iCloud’s security.
“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris told Recode in a statement today. While some of the victims have called the leaked photos of them fakes, Jennifer Lawrence’s publicist confirmed their authenticity and called them a “flagrant violation of privacy.”
The Guardian spoke to security experts who examined the hack and believe that it relied on automated brute-force attacks against the celerities’ iCloud accounts where many of the pictures were stored. “The attackers never should have been allowed to make an unlimited number of guesses,” one threat researcher said.
A piece of software on Github called iBrute claimed to be able to hack an iCloud account by guessing its password repeatedly until it gets it right. Apple quietly patched the flaw shortly after the media started reporting on the controversy surrounding the leaked nudes.
The last time Apple’s iCloud security came under this much scrutiny was when Wired writer Mat Honan had his digital life erased. The result was that Apple added two-factor authentication as a security option for its users, a feature that would have likely saved the privacy of many celebrities affected by this recent hack.