FBI, Apple investigating alleged iCloud hack of celebrity nude, sex photos and videos

“Apple Inc, which is poised to unveil new iPhones next week, and the FBI are probing reports hackers used the company’s iCloud service to illegally access nude photos of actress Jennifer Lawrence and other celebrities,” Duane D. Stanford reports for Bloomberg. “Hackers posted the nude photos on the anonymous image-sharing website 4chan, the Telegraph in London reported. The photos targeting more than 100 U.S. and U.K. celebrities were allegedly obtained by breaking into iCloud accounts, the newspaper said. Apple has fixed a bug in its ‘Find My iPhone’ software that may have allowed hackers to access celebrity iCloud accounts through so-called brute-force attacks that try multiple passwords, the Engadget technology website reported, citing developers.”

“The U.S. Federal Bureau of Investigation released a statement yesterday saying the agency is aware of the allegations ‘concerning computer intrusions and the unlawful release of material involving high profile individuals.’ The agency is ‘addressing the matter,’ Laura Eimiller, an FBI spokeswoman in Los Angeles, said by e-mail,” Stanford reports. “The risk to iCloud users will depend on whether the breach happened within Apple’s security or within the celebrities’ personal accounts, said Clifford Neuman, director of the University of Southern California’s Center for Computer Systems Security. Either way, some users may not understand when and how they are using such services, especially during the set-up.”

“One plausible explanation for a wide breach of private photos is by way of a password-retrieval system, said Woodrow Hartzog, who teaches privacy at the Cumberland School of Law at Samford University in Birmingham, Alabama,” Stanford reports. “Customers generally recover forgotten passwords by providing information or answering questions about themselves. Celebrities are particularly vulnerable to hacks of these programs because so much of their life history, such as where they were born, is available in biographies, news stories and websites like Wikipedia.”

Read more in the full article here.

MacDailyNews Take: Bad, bad, bad optics. In fact, it’s tough to imagine worse optics for Apple if they do indeed hope to debut a mobile payment system in a week. Yes, these celebrities should have used two-step verification for Apple ID if they wanted to keep their accounts secure, but there are no two ways about it: Failing to prevent brute-force iCloud password attacks long ago was a tremendous oversight for the world’s most valuable company. Apple needs to be equated with security and privacy. Today, they are not. Today, in the minds of the general public, Apple is insecure and nothing is private on Apple devices. Right or wrong, it’s doesn’t matter: These days, perception is everything. Once the narrative is out there, it’s very difficult to change (see: Apple Maps). Apple’s rather dysfunctional and often too-slow-to-react PR department has a challenge to rival Antennagate on their plates, one week ahead of the company’s most important events ever. Good luck, Apple!

Public Service Announcement: The problem is that too many people use one password for multiple services. The hackers guess it right once and than have access to all sorts of things: cloud storage, bank accounts, twitter, email, etc.

Regardless of the origination of these photo and videos, social engineering hacks can be thwarted, at least for iCloud. Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.

As we’ve written before: Always use unique passwords and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, it works like a dream.

Related articles:
Celebrity or not, Apple isn’t responsible for your nude photos – September 2, 2014
Apple ‘actively investigating’ Jennifer Lawrence, other nude celebrity photos hack – September 1, 2014
Apple’s iCloud not likely the sole source of leaked Jennifer Lawrence, other nude celebrity photos and videos – September 1, 2014

39 Comments

  1. “The problem is that too many people use one password for multiple services. The hackers guess it right once and than have access to all sorts of things: cloud storage, bank accounts, twitter, email, etc.…”

    Apple has been saying as much since they introduced Appletalk.

    Trying to do what is best to maintain privacy is as much of a success telling people (>20%) not to their house keys under a mat, planter, or to give a copy to a neighbour (~50%)

    Interesting that we accept the media which gets most of their news from bloggers and then defines their editorials and opinions by publishing what is more provocative.

    As they say: What looks like shit, smells like shit, is most likely shit.

  2. The FBI got involved in less than 24 hours. They couldn’t find the time to interview folks for the IRS scandal, can’t find Lois Lerner’s emails, no witness interviews for Benghazi, Fast and Furious, the NSA fiasco – oh wait, these are Odumbo’s donors; better get on this ASAP!!!

  3. Frankly I’m quite tired of all this news. Analysts putting their two cents in, amateurs doing the same, celebs blaming Apple and Icloud and no conclusive info….yet. I posted the other day that I have never been hacked, used keychain and the Safari password generator. I started using the 2 step verification system two months ago. Never a problem. I am willing to give Apple the benefit of doubt until all is sorted out. There are simply too many rumors out there from possible Dropbox hacks to others. None of us truly know as what’s going on period. As far as these celebrities being hacked are concerned frankly I don’t care. If they or others are too stupid and keep crap anywhere too bad. Read the fine print and if you can’t read find someone to do it for you.I’m more concerned about protecting my financial data and more important things than a bunch of nude chicks.

  4. My cousin encouraged I’ll like that web site social networking site. This individual once were fully appropriate. The following upload actually designed my day. You are unable to consider merely the fact that lot moment I’d put in just for this facts! Appreciate it!

  5. I really do look at all of the concepts you may have announced inside your write-up. These are seriously genuine and might definitely work. Nonetheless, the particular discussions are extremely limited for starters. May you want increase these slightly coming from subsequent moment? Information publish gölcük.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.