“Apple Inc, which is poised to unveil new iPhones next week, and the FBI are probing reports hackers used the company’s iCloud service to illegally access nude photos of actress Jennifer Lawrence and other celebrities,” Duane D. Stanford reports for Bloomberg. “Hackers posted the nude photos on the anonymous image-sharing website 4chan, the Telegraph in London reported. The photos targeting more than 100 U.S. and U.K. celebrities were allegedly obtained by breaking into iCloud accounts, the newspaper said. Apple has fixed a bug in its ‘Find My iPhone’ software that may have allowed hackers to access celebrity iCloud accounts through so-called brute-force attacks that try multiple passwords, the Engadget technology website reported, citing developers.”

“The U.S. Federal Bureau of Investigation released a statement yesterday saying the agency is aware of the allegations ‘concerning computer intrusions and the unlawful release of material involving high profile individuals.’ The agency is ‘addressing the matter,’ Laura Eimiller, an FBI spokeswoman in Los Angeles, said by e-mail,” Stanford reports. “The risk to iCloud users will depend on whether the breach happened within Apple’s security or within the celebrities’ personal accounts, said Clifford Neuman, director of the University of Southern California’s Center for Computer Systems Security. Either way, some users may not understand when and how they are using such services, especially during the set-up.”

“One plausible explanation for a wide breach of private photos is by way of a password-retrieval system, said Woodrow Hartzog, who teaches privacy at the Cumberland School of Law at Samford University in Birmingham, Alabama,” Stanford reports. “Customers generally recover forgotten passwords by providing information or answering questions about themselves. Celebrities are particularly vulnerable to hacks of these programs because so much of their life history, such as where they were born, is available in biographies, news stories and websites like Wikipedia.”

Read more in the full article here.

MacDailyNews Take: Bad, bad, bad optics. In fact, it’s tough to imagine worse optics for Apple if they do indeed hope to debut a mobile payment system in a week. Yes, these celebrities should have used two-step verification for Apple ID if they wanted to keep their accounts secure, but there are no two ways about it: Failing to prevent brute-force iCloud password attacks long ago was a tremendous oversight for the world’s most valuable company. Apple needs to be equated with security and privacy. Today, they are not. Today, in the minds of the general public, Apple is insecure and nothing is private on Apple devices. Right or wrong, it doesn’t matter: These days, perception is everything. Once the narrative is out there, it’s very difficult to change (see: Apple Maps). Apple’s rather dysfunctional and often too-slow-to-react PR department has a challenge to rival Antennagate on their plates, one week ahead of the company’s most important events ever. Good luck, Apple!

Public Service Announcement: The problem is that too many people use one password for multiple services. The hackers guess it right once and then have access to all sorts of things: cloud storage, bank accounts, Twitter, email, etc.

Regardless of the origination of these photos and videos, social engineering hacks can be thwarted, at least for iCloud. Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.

As we’ve written before: Always use unique passwords and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, it works like a dream.
