Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

MacRumors · Sep 1, 2014

Apple is investigating an alleged breach of several celebrity iCloud accounts that may have allowed hackers to access the private photos and videos of multiple well-known actresses, according to a statement an Apple spokesperson gave to Re/code.

Apple said it was "actively investigating" the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.

Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.

Security researchers have postulated that weak passwords and a lack of two-factor authentication may have led to the breach if iCloud is the source of the leaked images, and it's also possible that a Python script shared on Github a few days ago may have allowed hackers to exploit a vulnerability in Find My iPhone.

As described by The Next Web, the tool allowed hackers to repeatedly guess passwords without being locked out of an iCloud/Apple ID account, brute forcing their way into accounts. Though it is unclear if the tool was responsible for any hacked celebrity accounts, Apple did fix the vulnerability earlier today. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

Multiple security researchers have suggested that any iCloud attacks may have been preventable with two-factor authentication, which Apple first introduced in March of 2013. The two-step verification system adds an additional layer of protection for Apple accounts, requiring both a security code and a "trusted" device to log into an account, in addition to a password.

Article Link: Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

impulse462 · Sep 1, 2014

I love some people were so mad about the NSA violating privacy, but are praising some random guy who pretty much did exactly what the NSA does.

Anyway, I feel bad for the celebs, but typical 4chan.

Dekema2 · Sep 1, 2014

So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.

Sonmi451 · Sep 1, 2014

edit: starting to doubt this is iCloud hack. Lots of evidence pointing in other directions. We'll see what happens...

nathun · Sep 1, 2014

Talk about a PR nightmare...

MacDude21 · Sep 1, 2014

thus why the cloud should die for personal use

3bs · Sep 1, 2014

Dekema2 said:
So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.

No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.

ks-man · Sep 1, 2014

Sad that this occurred. If it did come from iCloud, Apple is probably going to face some pretty steep fines/lawsuits regardless of the password strength.

Paradoxally · Sep 1, 2014

Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.

cdmoore74 · Sep 1, 2014

Earlier today in Cupertino:

Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil – Talk bad about Android fragmentation as we always do!

Tim – You’re right! Android distribution numbers are always a classless punchline during our keynotes.

Phil – Lets have Craig do it. We can throw in a joke about his hair.

Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.

Sonmi451 · Sep 1, 2014

That's a pretty big vulnerability they left open. I wonder if Apple will now force people to use 2 step authentication. As annoying as it is, it works.

bushido · Sep 1, 2014

Paradoxally said:
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

lord knows how many people dont actually know what they r doing and had no idea it was going to upload every pic to the cloud using the photostream feature lol

Mr.Skynet · Sep 1, 2014

The internet is referring to the incident as "The Fappening". Be sure to tell your grandkids.. You were there.

Xenc · Sep 1, 2014

Paradoxally said:
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.

Apparently some photos were "deleted a long time ago". The were probably taken from Photostream, if iCloud was the source.

Sonmi451 · Sep 1, 2014

3bs said:
No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.

While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.

jclo · Sep 1, 2014

Dekema2 said:
So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.

Sonmi451 said:
Sounds like it was definitely an iCloud (find my iPhone) breach. Also this is why I don't use sites like 4chan or reddit.

It's still not clear if iCloud was the only source, but it certainly looks like at least a portion of the photos were obtained that way.

Mwongozi · Sep 1, 2014

Is anyone else having trouble logging into the iCloud website today?

My account was working fine until this morning, but now I get "Set up iCloud on a device to use iCloud.com. Your Apple ID must be used to set up iCloud on an iOS or OS X device before you can use iCloud.com"

But my account has been in use on both my iPhone and Mac for ages.

Anyone else or just me?

cdmoore74 · Sep 1, 2014

Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.

Xenc · Sep 1, 2014

iCloud works fine for me in the UK. I don't have Photostream enabled.

3bs · Sep 1, 2014

Sonmi451 said:
While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.

I guess it's better that they acknowledge it and say they're working on it than completely ignore it and risk their customers thinking they don't value their privacy/security.

jclo · Sep 1, 2014

3bs said:
No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.

There's no indication at all that the Github tool was used to access the photos (as mentioned in the post), but there's a lot of speculation leaning that way given the timing of Apple's patch.

I've also seen theories that these photos were collected over a very long period of time. Even if the Find My iPhone exploit wasn't used to gather the photos, it looks like some of them did come from hackers getting access to iCloud accounts (likely through phishing scams).

Sonmi451 · Sep 1, 2014

cdmoore74 said:
Earlier today in Cupertino:

Tim Phil, we cant say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil Talk bad about Android fragmentation as we always do!

Tim Youre right! Android distributions numbers are always a classless punchline during our keynotes.

Phil Lets have Craig do it. We can throw in a joke about his hair.

Tim Just make sure you dont use iCloud when saving the keynote. We dont want the public to know our plans. Oh wait, thats how the iPhone 6 parts got leaked on the internet.

cdmoore74 said:
Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.

I think you just want to criticize Apple and/or Macrumors. Kind of a waste of time if you ask me, but hey don't let me tell you what to do.

Xenc · Sep 1, 2014

Sonmi451 said:
While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.

Legal team are probably hard at work on what the public response, if any, will be.

leventozler · Sep 1, 2014

Paradoxally said:
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.

If Apple didn't have a brute-force protection, it is not celebs' fault. We should wait and see...

SgtPepper12 · Sep 1, 2014

jclo said:
It's still not clear if iCloud was the only source, but it certainly looks like at least a portion of the photos were obtained that way.

Paradoxally said:
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.

I don't get why people are defending Apple on this one. You sound like you work for Apple's PR. At this point it is absolutely obvious that it's Apple's fault. They left their platform wide open for attacks like that.

Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

macrumors bot

macrumors 68020

macrumors 6502a

Suspended

macrumors newbie

macrumors regular

macrumors 603

Attachments

macrumors 6502a

macrumors 68000

macrumors 68020

Suspended

Suspended

macrumors newbie

macrumors 65816

Suspended

Managing Editor

macrumors member

macrumors 68020

macrumors 65816

macrumors 603

Managing Editor

Suspended

macrumors 65816

macrumors 6502

macrumors 6502a

Our Staff