Re/code has received a statement from Apple about the alleged hacking incidents. Natalie Kerris says:
“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.
As is the norm with Apple’s public facing commentary, the company has not said much about the situation. Somehow, compromising personal pictures of several celebrities have leaked online and many are blaming iCloud as the root cause. The events are muddled by the fact that some of the reported claims have transpired to be fake Photoshopped images, although some — like the images of Jennifer Lawrence — have been confirmed to be legitimate.
Earlier today, a brute-force iCloud exploit was highlighted that may offer an explanation for the leaks, where Apple servers were repeatedly pummelled with common passwords to try and break entry into user’s accounts. This flaw has already been patched, but it is important to note that this issue is not necessarily linked to the celebrity hacks. It is also unclear when the vulnerability was first exploited. Photo Stream only stores the last 1000 images, so it seems likely that those responsible has been working for a while to collate the collection of images.
It is also important to stress that something else entirely, not iCloud, could be the root source of the hacks. 9to5Mac will report on the happenings as it evolves. For now, the best advice to protect against such attacks is to enable two-factor authentication, which makes dictionary attacks near-impossible to pull off.