Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Sep 1, 2014, 04:14 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts




Apple is investigating an alleged breach of several celebrity iCloud accounts that may have allowed hackers to access the private photos and videos of multiple well-known actresses, according to a statement an Apple spokesperson gave to Re/code.
Quote:
Apple said it was "actively investigating" the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.
Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.

Security researchers have postulated that weak passwords and a lack of two-factor authentication may have led to the breach if iCloud is the source of the leaked images, and it's also possible that a Python script shared on Github a few days ago may have allowed hackers to exploit a vulnerability in Find My iPhone.

As described by The Next Web, the tool allowed hackers to repeatedly guess passwords without being locked out of an iCloud/Apple ID account, brute forcing their way into accounts. Though it is unclear if the tool was responsible for any hacked celebrity accounts, Apple did fix the vulnerability earlier today. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

Multiple security researchers have suggested that any iCloud attacks may have been preventable with two-factor authentication, which Apple first introduced in March of 2013. The two-step verification system adds an additional layer of protection for Apple accounts, requiring both a security code and a "trusted" device to log into an account, in addition to a password.

Article Link: Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts
MacRumors is offline   0 Reply With Quote
Old Sep 1, 2014, 04:16 PM   #2
impulse462
macrumors 65816
 
impulse462's Avatar
 
Join Date: Jun 2009
Location: SF Bay Area
I love some people were so mad about the NSA violating privacy, but are praising some random guy who pretty much did exactly what the NSA does.

Anyway, I feel bad for the celebs, but typical 4chan.
__________________
13.3" MacBook Air, 1.3GHz Core i5, 4GB RAM, 128GB SSD; 16GB Space Gray iPhone 6
impulse462 is offline   34 Reply With Quote
Old Sep 1, 2014, 04:16 PM   #3
Dekema2
macrumors 6502
 
Join Date: Jul 2012
Location: WNY
So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.
__________________
Craig "Charisma" Federighi for Apple CEO!
Dekema2 is offline   1 Reply With Quote
Old Sep 1, 2014, 04:17 PM   #4
Sonmi451
macrumors 6502
 
Join Date: Aug 2014
Location: in my Tesla Model S
edit: starting to doubt this is iCloud hack. Lots of evidence pointing in other directions. We'll see what happens...

Last edited by Sonmi451; Sep 1, 2014 at 05:03 PM.
Sonmi451 is offline   4 Reply With Quote
Old Sep 1, 2014, 04:17 PM   #5
nathun
macrumors newbie
 
Join Date: Jan 2014
Talk about a PR nightmare...
nathun is offline   19 Reply With Quote
Old Sep 1, 2014, 04:17 PM   #6
MacDude21
macrumors regular
 
Join Date: Jun 2013
thus why the cloud should die for personal use
__________________
iPhone 5S 16GB Space Gray
(Up and running: Hackintosh(CustoMac) mATX 8GB RAM NVida GTX 760 Intel Core i5 3.4GHz Quad-Core 128 GB SSD)
MacDude21 is offline   16 Reply With Quote
Old Sep 1, 2014, 04:17 PM   #7
3bs
macrumors 603
 
3bs's Avatar
 
Join Date: May 2011
Location: Dublin, Ireland
Quote:
Originally Posted by Dekema2 View Post
So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.
No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.
Attached Thumbnails
Click image for larger version

Name:	Screenshot 2014-09-01 21.18.45.png
Views:	188
Size:	37.7 KB
ID:	488225  
3bs is offline   15 Reply With Quote
Old Sep 1, 2014, 04:17 PM   #8
ks-man
macrumors 6502a
 
Join Date: Sep 2007
Sad that this occurred. If it did come from iCloud, Apple is probably going to face some pretty steep fines/lawsuits regardless of the password strength.
__________________
iMac-3.06Ghz/NV130/1TB|MBA-1.86Ghz/128GB/4GB and 1.6GHz/80GB|iPhone 4-32GB|iPad1 32GB|iPad3 64GB|iPTouch 8GB|iPod Classic 120GB|Nano 4GB|Time Capsule 500GB|AEBS Dual Band|AEX
I surrender Apple!
ks-man is offline   6 Reply With Quote
Old Sep 1, 2014, 04:17 PM   #9
Paradoxally
macrumors 6502a
 
Join Date: Feb 2011
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.
Paradoxally is offline   18 Reply With Quote
Old Sep 1, 2014, 04:19 PM   #10
cdmoore74
macrumors 68000
 
Join Date: Jun 2010
Earlier today in Cupertino:

Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil – Talk bad about Android fragmentation as we always do!

Tim – You’re right! Android distribution numbers are always a classless punchline during our keynotes.

Phil – Lets have Craig do it. We can throw in a joke about his hair.

Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.

Last edited by cdmoore74; Sep 1, 2014 at 04:27 PM.
cdmoore74 is offline   58 Reply With Quote
Old Sep 1, 2014, 04:20 PM   #11
Sonmi451
macrumors 6502
 
Join Date: Aug 2014
Location: in my Tesla Model S
That's a pretty big vulnerability they left open. I wonder if Apple will now force people to use 2 step authentication. As annoying as it is, it works.
Sonmi451 is offline   3 Reply With Quote
Old Sep 1, 2014, 04:20 PM   #12
bushido
macrumors 603
 
bushido's Avatar
 
Join Date: Mar 2008
Location: España y Germany
Quote:
Originally Posted by Paradoxally View Post
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.
lord knows how many people dont actually know what they r doing and had no idea it was going to upload every pic to the cloud using the photostream feature lol
__________________
¡No hables a menos que puedas mejorar el silencio!
Don't judge me by my user name - I was young and stupid xD
bushido is offline   10 Reply With Quote
Old Sep 1, 2014, 04:21 PM   #13
Mr.Skynet
macrumors newbie
 
Join Date: Mar 2014
The internet is referring to the incident as "The Fappening". Be sure to tell your grandkids.. You were there.
__________________
Late 2013 rMBP 15in-2.3ghz i7-16gb RAM-GT750-512GB iPhone 6 128GB (Space Grey/Verizon) iPad Air 2 128gb (Space Grey/Verizon) 2TB Time Capsule Apple TV Gen. 3
Mr.Skynet is offline   23 Reply With Quote
Old Sep 1, 2014, 04:21 PM   #14
Xenc
macrumors 6502a
 
Xenc's Avatar
 
Join Date: May 2010
Location: London, England
Quote:
Originally Posted by Paradoxally View Post
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.
Apparently some photos were "deleted a long time ago". The were probably taken from Photostream, if iCloud was the source.
__________________
Next Bus London for iPhone - 100% Live bus times on your iPhone (Featured on ShinyShiny.tv and Wired.co.uk!)
Xenc is offline   1 Reply With Quote
Old Sep 1, 2014, 04:21 PM   #15
Sonmi451
macrumors 6502
 
Join Date: Aug 2014
Location: in my Tesla Model S
Quote:
Originally Posted by 3bs View Post
No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.
While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.
Sonmi451 is offline   1 Reply With Quote
Old Sep 1, 2014, 04:22 PM   #16
jclo
Editor
 
Join Date: Dec 2012
Location: California
Quote:
Originally Posted by Dekema2 View Post
So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.
Quote:
Originally Posted by Sonmi451 View Post
Sounds like it was definitely an iCloud (find my iPhone) breach. Also this is why I don't use sites like 4chan or reddit.
It's still not clear if iCloud was the only source, but it certainly looks like at least a portion of the photos were obtained that way.
jclo is offline   0 Reply With Quote
Old Sep 1, 2014, 04:22 PM   #17
Mwongozi
macrumors member
 
Join Date: Sep 2007
Location: Sunnyvale, CA
Is anyone else having trouble logging into the iCloud website today?

My account was working fine until this morning, but now I get "Set up iCloud on a device to use iCloud.com. Your Apple ID must be used to set up iCloud on an iOS or OS X device before you can use iCloud.com"

But my account has been in use on both my iPhone and Mac for ages.

Anyone else or just me?
Mwongozi is offline   0 Reply With Quote
Old Sep 1, 2014, 04:23 PM   #18
cdmoore74
macrumors 68000
 
Join Date: Jun 2010
Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.
cdmoore74 is offline   19 Reply With Quote
Old Sep 1, 2014, 04:23 PM   #19
Xenc
macrumors 6502a
 
Xenc's Avatar
 
Join Date: May 2010
Location: London, England
iCloud works fine for me in the UK. I don't have Photostream enabled.
__________________
Next Bus London for iPhone - 100% Live bus times on your iPhone (Featured on ShinyShiny.tv and Wired.co.uk!)
Xenc is offline   4 Reply With Quote
Old Sep 1, 2014, 04:24 PM   #20
3bs
macrumors 603
 
3bs's Avatar
 
Join Date: May 2011
Location: Dublin, Ireland
Quote:
Originally Posted by Sonmi451 View Post
While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.
I guess it's better that they acknowledge it and say they're working on it than completely ignore it and risk their customers thinking they don't value their privacy/security.
3bs is offline   1 Reply With Quote
Old Sep 1, 2014, 04:25 PM   #21
jclo
Editor
 
Join Date: Dec 2012
Location: California
Quote:
Originally Posted by 3bs View Post
No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.
There's no indication at all that the Github tool was used to access the photos (as mentioned in the post), but there's a lot of speculation leaning that way given the timing of Apple's patch.

I've also seen theories that these photos were collected over a very long period of time. Even if the Find My iPhone exploit wasn't used to gather the photos, it looks like some of them did come from hackers getting access to iCloud accounts (likely through phishing scams).
jclo is offline   1 Reply With Quote
Old Sep 1, 2014, 04:26 PM   #22
Sonmi451
macrumors 6502
 
Join Date: Aug 2014
Location: in my Tesla Model S
Quote:
Originally Posted by cdmoore74 View Post
Earlier today in Cupertino:

Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil – Talk bad about Android fragmentation as we always do!

Tim – You’re right! Android distributions numbers are always a classless punchline during our keynotes.

Phil – Lets have Craig do it. We can throw in a joke about his hair.

Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.
Quote:
Originally Posted by cdmoore74 View Post
Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.
I think you just want to criticize Apple and/or Macrumors. Kind of a waste of time if you ask me, but hey don't let me tell you what to do.
Sonmi451 is offline   21 Reply With Quote
Old Sep 1, 2014, 04:27 PM   #23
Xenc
macrumors 6502a
 
Xenc's Avatar
 
Join Date: May 2010
Location: London, England
Quote:
Originally Posted by Sonmi451 View Post
While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.
Legal team are probably hard at work on what the public response, if any, will be.
__________________
Next Bus London for iPhone - 100% Live bus times on your iPhone (Featured on ShinyShiny.tv and Wired.co.uk!)
Xenc is offline   2 Reply With Quote
Old Sep 1, 2014, 04:27 PM   #24
leventozler
macrumors regular
 
Join Date: Feb 2009
Quote:
Originally Posted by Paradoxally View Post
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.
If Apple didn't have a brute-force protection, it is not celebs' fault. We should wait and see...
leventozler is offline   8 Reply With Quote
Old Sep 1, 2014, 04:27 PM   #25
SgtPepper12
macrumors 6502
 
Join Date: Feb 2011
Quote:
Originally Posted by jclo View Post
It's still not clear if iCloud was the only source, but it certainly looks like at least a portion of the photos were obtained that way.
Quote:
Originally Posted by Paradoxally View Post
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.
I don't get why people are defending Apple on this one. You sound like you work for Apple's PR. At this point it is absolutely obvious that it's Apple's fault. They left their platform wide open for attacks like that.
SgtPepper12 is offline   21 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -5. The time now is 05:55 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC