Skip to main content

Apple ‘actively investigating’ alleged iCloud hacking that caused celebrity nude photo leak

icloud

Re/code has received a statement from Apple about the alleged hacking incidents. Natalie Kerris says:

“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.

As is the norm with Apple’s public facing commentary, the company has not said much about the situation. Somehow, compromising personal pictures of several celebrities have leaked online and many are blaming iCloud as the root cause. The events are muddled by the fact that some of the reported claims have transpired to be fake Photoshopped images, although some — like the images of Jennifer Lawrence — have been confirmed to be legitimate.

Earlier today, a brute-force iCloud exploit was highlighted that may offer an explanation for the leaks, where Apple servers were repeatedly pummelled with common passwords to try and break entry into user’s accounts. This flaw has already been patched, but it is important to note that this issue is not necessarily linked to the celebrity hacks. It is also unclear when the vulnerability was first exploited. Photo Stream only stores the last 1000 images, so it seems likely that those responsible has been working for a while to collate the collection of images.

It is also important to stress that something else entirely, not iCloud, could be the root source of the hacks. 9to5Mac will report on the happenings as it evolves. For now, the best advice to protect against such attacks is to enable two-factor authentication, which makes dictionary attacks near-impossible to pull off.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. mrabernasty - 10 years ago

    Jennifer Lawrence.. Not Jessica.

  2. Avenged110 - 10 years ago

    It doesn’t have to be a Photo Stream. A more likely source of old pictures would be accessing an iCloud-stored backup.

    • Bruno Fernandes (@Linkb8) - 10 years ago

      I’ve looked at all the pictures posted as of last night – they didn’t appear to come from iCloud. They may not have even all come from the same service/source. And they most definitely didn’t come from hacked accounts of all the celebrities mentioned – that is absolutely obvious to anyone who actually looks at the images. I won’t make any public hypothesis about exactly what I think happened, but I’m eager to see the results of the various investigations.

  3. I suspect it’s a combination of sources, icloud sure but also the google drive hack from a few months ago (remember this much capturing probably took months). As well as other photo sharing compromises over the past few months too.

    • jedwards87 - 10 years ago

      This is very true, but remember the Apple hating media will blame this all on Apple.

  4. Joshua Hale - 10 years ago

    This is not real news! It’s already been said that the photos are fake!!!

    • Bruno Fernandes (@Linkb8) - 10 years ago

      There are some mislabeled or misidentified photos, but none are “fakes” in the sense of photoshop edits.

    • cdmoore74 - 10 years ago

      I’ve studied them “long and hard” and many are not fake. Not all of them are legit but many are real. I’m not surprised to see celebs deny them even if real because their too embarrassed.

      • yourwurstnightmare - 10 years ago

        maybe you should’ve studied grammar a bit longer. lel.

  5. Gregory Wright - 10 years ago

    “It is also important to stress that something else entirely, not iCloud, could be the root source of the hacks.”

    Well, you wouldn’t think it based on the implications of this article.

  6. Tim Acheson - 10 years ago

    Sorry, but no.

    This meaningless statement from Apple is clearly designed to plant seeds of doubt about Apple being at fault, by implying based on no evidence whatsoever that Apple platforms and devices may not be to blame. It is a transparent attempt to deflect blame and discussion of the issue away from iCloud, loyally reported by the corporate tech media without question.

    Indeed, the fact that Apple remains silent about the nature and scale of these breaches very strongly indicates that the corporation is at fault and knows it, because if if they could point the finger of blame elsewhere they obviously would not hesitate to do so — immediately and loudly.

    Apple should already know what caused this breach of iCloud security and unauthorised access to iCloud data. If they truly still do not know, that would indicate further negligence and/or incompetence.

    • zammitluke - 10 years ago

      “if they could point the finger of blame elsewhere” If Apple is not responsible for the leak, doesn’t indicate that they should or could blame someone else, you have zero logic.

      Also Apple must be very incompetent, not like they are one of the leading technology companies.

  7. databackupguru - 10 years ago

    I don’t want to comment on why people would take nude photos. Adults should be wise enough to decide what should or shouldn’t be done. We can’t say those who took the photos are morally incorrect if they enjoyed doing so and kept everything private, that’s perfectly alright. As an IT professional, I just wonder why people would trust a cloud storage to a level for storing nude photos there. Edward Snowden had already told us that neither the government nor the internet service providers are trustworthy. Even if those photos were not being hacked, wouldn’t those victims have ever thought that their photos would have been viewed by the people in iCloud whenever they first uploaded the photos to there? Just unbelievable. I always told me clients that before storing sensitive data on the cloud, they have to use services like https://www.boxcryptor.com/ or http://free.cloudbacko.com to encrypt the data on their local machines first before uploading to the cloud, so as not to leave chances for anyone, including hackers, people from the cloud storage, or even NSA to be able to open your data. I believe we all learned a lesson now.

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.