Apple ‘actively investigating’ alleged iCloud hack that led to leaked celebrity nudes


Screen Shot 2014-09-01 at 4.44.06 PM

Apple is “actively investigating” if and how iCloud is to blame for the hacking of numerous celebrity accounts.  Dozens of nude and scandalous photos were posted on the internet over the weekend featuring famous actresses like Jennifer Lawrence and Kirsten Dunst.

Though still unconfirmed at this point, many have speculated that the hack was a result of a flaw in iCloud’s security.

“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris told Recode in a statement today. While some of the victims have called the leaked photos of them fakes, Jennifer Lawrence’s publicist confirmed their authenticity and called them a “flagrant violation of privacy.”

The Guardian spoke to security experts who examined the hack and believe that it relied on automated brute-force attacks against the celerities’ iCloud accounts where many of the pictures were stored. “The attackers never should have been allowed to make an unlimited number of guesses,” one threat researcher said.

A piece of software on Github called iBrute claimed to be able to hack an iCloud account by guessing its password repeatedly until it gets it right. Apple quietly patched the flaw shortly after the media started reporting on the controversy surrounding the leaked nudes.

The last time Apple’s iCloud security came under this much scrutiny was when Wired writer Mat Honan had his digital life erased. The result was that Apple added two-factor authentication as a security option for its users, a feature that would have likely saved the privacy of many celebrities affected by this recent hack.

  • sflomenb

    Just enabled two-step authentication to prevent stuff like this from happening

  • Michael Smith

    Other essential services that use 2 factor authentication are Google, Dropbox and Evernote, if you have those you should enable it also.

  • Using your actual internal memory instead of the cloud kinda solves this whole issue.

  • Assuming the photos are real or appropriated, the question is how can any celebrity expect to challenge the internet, the message boards and claim that the photos can not be duplicated? Which is to ask at what point when an individual chooses to store material that can be uploaded on an Apple Icloud service (who then claim ownership) and then somehow disseminated be expected to retain rights over those photos, especially when they are in the business of being a public figure- which is to ask legitimately how much rights does a public figure have of their image and how far can they actually go to control it, never mind the illegal means which said photos were retrieved….