Jennifer Lawrence

Apple “actively investigating” if iCloud security responsible for celebrity nude photos leak

Private pictures of 101 celebrities including  Jennifer Lawrence, Ariana Grande, Victoria Justice and Kate Upton posted

UPDATE: Apple has issued the following statement:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source.

Our customers privacy and security are of utmost importance to us.

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.

None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

[divider]

Apple has launched an investigation into how nude photographs of over a hundred celebrities were leaked online late last week, after claims a hack on their iCloud accounts was to blame.

In a statement, an Apple spokesperson said:

“We take user privacy very seriously and are actively investigating this report.”

The photos appeared after a user on 4chan, an image sharing forum, posted private pictures of 101 celebrities including  Jennifer Lawrence, Ariana Grande, Victoria Justice and Kate Upton.

Pictures of British stars Kelly Brook, Cara Delevingne and Cat Deeley, as well as US stars Rihanna, Kim Kardashian, Kirsten Dunst, Kate Hudson and Selena Gomez are among those also claimed to have been acquired but yet to be circulated online.

While some stars have claimed the pictures are fake, others seem to have confirmed that it is them in the images.

The person who leaked the photos said they had been stolen after gaining access to the victims Apple iCloud accounts, where photos taken on their iPhone and iPad are automatically synced to.

Lawrence issued a statement describing the hack as a “flagrant violation of privacy,” while others claimed the photographs of them were fakes. Lawrence’s management team added:

“The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”

Although it isn’t yet clear how the attack took place, a number of security experts have explained how the hack could have happened – and how to avoid it happening again.

“Even if they were all using iCloud, it’s possible that there isn’t a security hole in iCloud itself but rather that celebrities had not properly secured their accounts with – for instance hard-to-guess passwords.”

There is lots of speculation that a piece of software called iBrute may have been used. iBrute uses what is called a bruteforce attack to guess the password of an iCloud account by automatically trying millions of words until the right one is found.