Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

Carlanga said:
they got access.
Most of these female celebs have iPhones or their boy/girl has an iPhone and yes most have iCloud accounts by default so piece one and one together and voila iCloud is the one method most talked, because that is where most got their pictures and videos from. The blame goes to apple because their security system was laking, of course the celebs have part of the blame.
Click to expand...

Actually, since not all the celebs are using iPhones, it means there are probably multiple hacks. Everything from router, PC, Mac, Android and iPhone are possible entry points. Even NSA, eBay, Google servers are suspects since they had or revealed major breach(es) over the last few years (only known for the past 2-3 months).

And it's likely to be years of work since some of the photos were deleted long ago (for whatever reason).
As long as they gain one set of password, it is likely they can use it on other services since people tend to reuse their passwords. If it goes far back enough, Google didn't have 2FA too.
 
Last edited:
Iconoclysm said:
Yet all of the reporting is based on a statement that is far too inconclusive for me to be convinced, and whether or not it's Apple, Google, Samsung, Microsoft, or whomever else, means nothing to me. There are way too many facts that point to these photos coming from many different places.

As far as sticking my head in the sand, I wouldn't use this as any sort of example of that. In fact, it leads me to scrutinize further in every direction, not just Apple's.

I'm not an "IT person", btw, I'm a consultant...and I would look like a complete asshat going into a customer and claiming iCloud is the cause of all these leaked photos only to find out that it wasn't. That is why I, like any good professional, have integrity.
Click to expand...

What kind of consultant? You brought this up not me.....you were bragging about your experience in IT. Now your not an IT person?

I agree with you...I would not go to the CEO of my company with what information is being reported. There is a ton of fact finding and root cause to be discovered. But there is also a TON of information that has not been leaked either. There is a lot going on behind the scenes theta will never come out. The people in my department will have more info than what is being reported anyway.
But you cannot deny...what the hackers did.....they even proved how they did it.
The released the exploit code one day. The proceeded to do the hack. It doesn't get any clearer than that.......
Apple already patched the exploit so now icloud account will lock out after several bad password attempts. Now lets see how they spin it tomorrow.
 
viacavour said:
Actually, since not all the celebs are using iPhones, it means there are probably multiple hacks. Everything from router, PC, Macs, Android and iPhones are possible entry points.

And it's likely to be years of work since some of the photos were deleted long ago (for whatever reason).
Click to expand...

Yes, so long ago in fact, that iCloud didn't even exist.
 
rei101 said:
It is... they have to protect your data. If someone brakes in to your bank account as well into other 99 accounts in the same weekend is the banks fault.

But lets see how it develops.
Click to expand...

or people could just not upload personal stuff to the cloud... its really not that hard to understand.
 
Someone at Apple is gonna be fired...

sNoAkfu.png
 
diddl14 said:
What amazes me is how some of these selfies had iPhones camouflaged as Android phones :eek:
Click to expand...

Just because you took a picture with a Android device doesn't mean you're not a iCloud user. These people could own a iPad or Mac. Straight from Apple's website.

iCloud is easy to set up.
Whether you’re on an iPhone, iPad, iPod touch, Mac, or PC, getting started with iCloud is simple. For new Apple devices, there’s a setup assistant built right in. And for everything else, setup takes just a few quick steps.
 
Iconoclysm said:
Yes, so long ago in fact, that iCloud didn't even exist.
Click to expand...

Hm ? Really ? In that case they should suspect the people around them too. Someone may have physical access to their PCs and Macs.

----------
cdmoore74 said:
Just because you took a picture with a Android device doesn't mean you're not a iCloud user. These people could own a iPad or Mac. Straight from Apple's website.
Click to expand...

Right, but their other phones could be jacked already too to auto-upload elsewhere.

I think one of the images show Kate Upton's photos in a DropBox account. Is it hers or the poster's account ?

The one showing Jennifer Lawrence in a white bikini taking selfie -- that phone looks too large too be an iPhone.
 
Last edited:
jamezr said:
What kind of consultant? You brought this up not me.....you were bragging about your experience in IT. Now your not an IT person?

I agree with you...I would not go to the CEO of my company with what information is being reported. There is a ton of fact finding and root cause to be discovered. But there is also a TON of information that has not been leaked either. There is a lot going on behind the scenes theta will never come out. The people in my department will have more info than what is being reported anyway.
But you cannot deny...what the hackers did.....they even proved how they did it.
The released the exploit code one day. The proceeded to do the hack. It doesn't get any clearer than that.......
Apple already patched the exploit so now icloud account will lock out after several bad password attempts. Now lets see how they spin it tomorrow.
Click to expand...

You asking me if I "even know how a brute force attack works" was best responded to by giving you some information to reveal that the question is more than pedantic to me.

By an "IT person" I refer to every day operations, butts in seats people.

Of course there will be a ton of info kept from the general public...though, Apple is scrutinized far too closely for much of that to stay behind closed doors.

Again, I'm not surprised an exploit has been found...this crap happens all of the time, luckily many of us are obscure enough and use strong enough passwords that we don't have to worry very much. I keep dummy accounts in Gmail and facebook, and I see Chinese hackers constantly gaining access to both despite frequent password changes.
 
Whether it caused the photo leak or not, failing to have intrusion detection / lockout is a big, and rookie, mistake. I do agree with another poster that there will be some dismissals over that. How many weeks was that vulnerability present? Why wasn't it found during internal testing? I'm sure those questions are being asked now.
 
cdmoore74 said:
Just because you took a picture with a Android device doesn't mean you're not a iCloud user. These people could own a iPad or Mac. Straight from Apple's website.

iCloud is easy to set up.
Whether you’re on an iPhone, iPad, iPod touch, Mac, or PC, getting started with iCloud is simple. For new Apple devices, there’s a setup assistant built right in. And for everything else, setup takes just a few quick steps.
Click to expand...

Please, take some time out and load up iCloud, you will see that there is absolutely not enough space by default to use it for photo and video storage. For that, you use photostream to sync between devices. It's not impossible for this to have happened through photostream but for those old, deleted, photos...it doesn't make a lot of sense at all.
 
apolloa said:
Right, but Amazon did not 'lie' about it's drones? It had a big press launch about it? They didn't make it all up?
And ever heard the saying 'where's there's smoke there's fire? But reading above Apple did have a security hole that they have patched today, pretty hard evidence against the innocent until proven guilty but yes we will wait to see what happens, although I suspect Apple will never tell anyone.
Click to expand...

Ok, and how about this. Lets say the whole underground ring of celebrity nude images is true. As per the alternate explanation, lets also say that someone decides they want to try to make a bit of money off their new entry into this ring. Wouldn't it be a convenient cover / mis-direction to point to a popular cloud service that had just patched an exploit that, in theory, could be used to obtain the images?

Either could be true. Sure, the whole "evidence against apple" with the exploit is strong. But the evidence in that the many of the images were taken with Android phones, some being older, since deleted pictures, and also have file names indicative of other cloud services / social media sites is also pretty strong for the alternate explanation. Its easier to just blindly blame Apple and thats what the media is doing. Some of them have posted the other idea, but most haven't (i guess its easier to point the finger at Apple then a bunch of unknown hackers).

Hopefully one way or another we find out, so we can move on to things that are actually important.
 
Regardless of the specific fault here, there's one change I think this should prompt for Apple...
Photos should go to photo stream intentionally, not automatically. I'm tired of having to delete photo stream shots that I don't want there, whether embarrassing, crappy or temporary reminder photos.
Switching to 'opt in' would improve photo stream immeasurably. At least make it an option.
 
dotme said:
Whether it caused the photo leak or not, failing to have intrusion detection / lockout is a big, and rookie, mistake. I do agree with another poster that there will be some dismissals over that. How many weeks was that vulnerability present? Why wasn't it found during internal testing? I'm sure those questions are being asked now.
Click to expand...

From what some of these reports have said, most ways to access iCloud do have intrusion detection and lockout. And many said that missing a hole like this is not uncommon as you add or change services.

----------
GQB said:
Regardless of the specific fault here, there's one change I think this should prompt for Apple...
Photos should go to photo stream intentionally, not automatically. I'm tired of having to delete photo stream shots that I don't want there, whether embarrassing, crappy or temporary reminder photos.
Switching to 'opt in' would improve photo stream immeasurably. At least make it an option.
Click to expand...

I agree - I love the functionality of photo stream but would much rather have a switch in the camera app to label something for streaming or not streaming. And, of course, the ability to add that later as well.
 
McCool71 said:
Well, isn't the whole point of the Apple ecosystem that it is uncomplicated and easy to use for anyone - non-techies included?
Click to expand...

Indeed !

But it doesn't mean it's unhackable if the users are not "savvy" enough.
e.g., The weakness could be caused or introduced by the user (e.g., writing password down).
 
I am amazed that they managed to brute force a lot of these accounts (if that is the case).

Any login-based service worth anything surely locks out the user for x number of hours after a few failed login attempts - and sends an e-mail with a warning as well.
 
McCool71 said:
I am amazed that they managed to brute force a lot of these accounts (if that is the case).

Any login-based service worth anything surely locks out the user for x number of hours after a few failed login attempts - and sends an e-mail with a warning as well.
Click to expand...

This service does as well, it appears that one of the logins to the service specifically for find my phone either lost that functionality or never had it. Other iCloud access points would have locked them out.
 
dasx said:
Someone at Apple is gonna be fired...

Image
Click to expand...

Impossible!!!! Kirsten Dunst is a paid troll. Anyone that speaks out against Apple is a troll. There is no proof yet that Apple and iCloud are associated with these leaks. All of these high powered actresses are lying. It's must have been Google or Dropbox behind the leaks. Maybe Samsung is behind it since I saw one taking a picture with a large phone. It's virtually impossible for Apple to be at fault behind these leaks. Apple is still investigating this so there is absolutely, positively no way Apple is too be blamed for this. And even if iCloud was the culprit it's the users fault for not creating a two step verification. And these people should not be taking nude photos and posting them to the cloud in the first place.

Am I missing anything guys or did I cover all the excuses for Apple in one post?
 
McCool71 said:
I am amazed that they managed to brute force a lot of these accounts (if that is the case).

Any login-based service worth anything surely locks out the user for x number of hours after a few failed login attempts - and sends an e-mail with a warning as well.
Click to expand...

They usually trottle it to avoid suspicion.
Most just use social engineering to get passwords.

If the photos were very old as claimed by one of the actresses (before iCloud ?!), they could use any technique since then.
 
viacavour said:
But it doesn't mean it's unhackable if the users are not "savvy" enough.
Click to expand...

Well, then we (well, Apple...) have a problem. I know lots of iPhone users that most likely know nothing (or care) about security and are as non-techie that you can imagine.

Their main mantra being the classic 'everything works - I don't need to know or learn anything - it is wonderful'.

Hopefully incidents like this will make a lot of people think twice when it comes to passwords and ignorance towards learning anything but pressing 'ok'.
 
cdmoore74 said:
Impossible!!!! Kirsten Dunst is a paid troll. Anyone that speaks out against Apple is a troll. There is no proof yet that Apple and iCloud are associated with these leaks. All of these high powered actresses are lying. It's must have been Google or Dropbox behind the leaks. Maybe Samsung is behind it since I saw one taking a picture with a large phone. It's virtually impossible for Apple to be at fault behind these leaks. Apple is still investigating this so there is absolutely, positively no way Apple is too be blamed for this. And even if iCloud was the culprit it's the users fault for not creating a two step verification. And these people should not be taking nude photos and posting them to the cloud in the first place.

Am I missing anything guys or did I cover all the excuses for Apple in one post?
Click to expand...

Oh don't be so dramatic. So what if Google and Dropboxes are involved ? It's the net. They have had big holes before. What's the big deal ?

If you dig around, you can find allegations about DropBox employees leaking the images too. This is the Internet after all.

Not all victims are using iPhone or iCloud.
 
Last edited:
Glassed Silver said:
The hack is perfectly in time for Photos in the Cloud.

In future, there will be leaks of whole LIVES of photos and videos.

We can talk about who to blame all we want, but it's a sure thing Apple WILL get flak for this, I'm admiring their confidence to face these kinds of scenarios.

Me personally, I will avoid Photos in the Cloud like the plague.
It's one thing to have a month's worth of Photo Stream copied from you, it's another thing to have all your life's personal recordings copied from you.

Glassed Silver:mac
Click to expand...

No offence but I doubt there are hackers out there that are dying to see you naked. This happened to super popular celebrities, not your average Joe.
 
Iconoclysm said:
Please, take some time out and load up iCloud, you will see that there is absolutely not enough space by default to use it for photo and video storage. For that, you use photostream to sync between devices. It's not impossible for this to have happened through photostream but for those old, deleted, photos...it doesn't make a lot of sense at all.
Click to expand...

Not enough space? Says who? I have and iPhone and an iPad and still have a 1GB left (before I cleaned out some picture and videos). I had a few videos or my daughter competitions and few 100 pictures, so how is 5GB not enough by default?
 
McCool71 said:
Well, then we (well, Apple...) have a problem. I know lots of iPhone users that most likely know nothing (or care) about security and are as non-techie that you can imagine.

Their main mantra being the classic 'everything works - I don't need to know or learn anything - it is wonderful'.

Hopefully incidents like this will make a lot of people think twice when it comes to passwords and ignorance towards learning anything but pressing 'ok'.
Click to expand...

That's not news though. Thousands of them, even savvy ones, are susceptible to phishing attacks every day.

The security researchers will keep improving to make their system foolproof. The hackers will do the opposite. It's been this way since eons ago.

----------
Primejimbo said:
Not enough space? Says who? I have and iPhone and an iPad and still have a 1GB left (before I cleaned out some picture and videos). I had a few videos or my daughter competitions and few 100 pictures, so how is 5GB not enough by default?
Click to expand...

Well... I ran out rather quickly. It's probably a case of YMMV.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back