“The man suspected of hacking celebrities’ iCloud accounts last year and posting their revealing photos online, in what became known as “The Fappening”, allegedly found his way into as many as 572 iCloud accounts,” Thomas Fox-Brewster reports for Forbes.
“According to a recently-unsealed search warrant and affidavit, US law enforcement have tracked the attacks on Apple customers back to one IP address, based at the Chicago residence of one Emilio Herrera,” Fox-Brewster reports. “That IP address was used to enter those compromised accounts 3,263 times between 31 May 2013 and 31 August 2014.”
“It’s odd that one IP address could have been linked to accessing that many accounts without a warning going off at Apple,” Fox-Brewster reports. “That’s if there are mitigations to flag this kind of suspicious activity.”
Read more in the full article here.
“The affidavit for the first time confirms the scope and authenticity of the picture leak — ‘female celebrities’ are listed as victims, though by initials only: ‘A.S., C.H., H.S., J.M., O.W., A.K., E.B., and A.H,'” Sam Biddle reports for Gawker. “These initials presumably refer to Abigail Spencer, Christina Hendricks Hope Solo, Jennette McCurdy, Olivia Wilde, Anna Kendrick, Emily Browning, and Amber Heard (though we could be incorrect).”
Biddle reports, “A still-sealed affidavit obtained and reported by the Chicago Sun-Times refers to a J.L., presumably Jennifer Lawrence, the breach’s highest-profile victim: ‘The agent described one interview with ‘J.L.’ that he had to stop because she became ‘very distraught.’ ‘J.L. stated she was having an anxiety attack and was visibly shaken,’ the agent wrote.”
Biddle reports, “It’s clear now that the celebrity iCloud heist was done through the oldest (and most reliable) method of online malice: phishing emails and a password reset.”
MacDailyNews Note: Too many people use one password for multiple services and weak passwords at that. Once hackers guess that password, they then have access to all sorts of things: cloud storage, bank accounts, Facebook, Twitter, email, etc.
Regardless of the origination of these photos and videos, social engineering hacks can be thwarted, at least for iCloud. Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.
Always use unique passwords and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, it works like a dream.
SEE ALSO:
iCloud accounts at risk after hacker releases tool allowing access to any login – January 2, 2015
Jennifer Lawrence calls nude photo hacking a ‘sex crime’ – October 7, 2014
Apple’s iCloud security nightmare gets worse as more nude celebrity pics leak – September 21, 2014
Since the celebrity nude iCloud hacks, one third of Americans have improved their online security – September 8, 2014
Apple denies iCloud breach – September 3, 2014
How easy is it to crack into an Apple iCloud account? We tried to find out – September 3, 2014
Celeb nudes: Comprehensive review of forum posts reveals no mention of ‘Find My iPhone’ brute force technique – September 2, 2014
Apple’s iCloud is secure; weak passwords and gullible users are not – September 2, 2014
Apple: No iCloud breach in celebrity nude photos leak – September 2, 2014
FBI, Apple investigating alleged iCloud hack of celebrity nude, sex photos and videos – September 2, 2014
Celebrity or not, Apple isn’t responsible for your nude photos – September 2, 2014
Apple ‘actively investigating’ Jennifer Lawrence, other nude celebrity photos hack – September 1, 2014