Apple ‘actively investigating’ alleged iCloud hack that led to leaked celebrity nudes

Screen Shot 2014-09-01 at 4.44.06 PM

Apple is “actively investigating” if and how iCloud is to blame for the hacking of numerous celebrity accounts.  Dozens of nude and scandalous photos were posted on the internet over the weekend featuring famous actresses like Jennifer Lawrence and Kirsten Dunst.

Though still unconfirmed at this point, many have speculated that the hack was a result of a flaw in iCloud’s security.

“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris told Recode in a statement today. While some of the victims have called the leaked photos of them fakes, Jennifer Lawrence’s publicist confirmed their authenticity and called them a “flagrant violation of privacy.”

The Guardian spoke to security experts who examined the hack and believe that it relied on automated brute-force attacks against the celerities’ iCloud accounts where many of the pictures were stored. “The attackers never should have been allowed to make an unlimited number of guesses,” one threat researcher said.

A piece of software on Github called iBrute claimed to be able to hack an iCloud account by guessing its password repeatedly until it gets it right. Apple quietly patched the flaw shortly after the media started reporting on the controversy surrounding the leaked nudes.

The last time Apple’s iCloud security came under this much scrutiny was when Wired writer Mat Honan had his digital life erased. The result was that Apple added two-factor authentication as a security option for its users, a feature that would have likely saved the privacy of many celebrities affected by this recent hack.

About the author

Alex HeathAlex Heath is a staff writer at Cult of Mac and co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: |