Apple has launched an investigation into how nude photographs of over a hundred celebrities were leaked online late last week, after claims a hack on their iCloud accounts was to blame.
In a statement sent to the Recode website, an Apple spokesperson said: “We take user privacy very seriously and are actively investigating this report.”
The incident saw intimate photographs of Hollywood actress Jennifer Lawrence and many others posted to the 4Chan internet forum, from where they were shared on Twitter, Reddit and elsewhere.
The person who leaked the photos said they had been stolen after gaining access to the victims' Apple iCloud accounts, where photos taken on their iPhone and iPad are automatically synced to.
Lawrence issued a statement describing the hack as a “flagrant violation of privacy,” while others claimed the photographs of them were fakes. Lawrence’s management team added: “The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”
Although it isn’t yet clear how the attack took place, a number of security experts have explained how the hack could have happened - and how to avoid it happening again. Graham Cluley said on his blog: “Many folks are blissfully unaware about iPhone photos being automatically sent to an Apple iCloud internet server after it is taken. That’s great in some ways – it means it’s easily accessible on our other Apple devices – but might be bad in others.
“Even if they were all using iCloud, it’s possible that there isn’t a security hole in iCloud itself but rather that celebrities had not properly secured their accounts with – for instance – hard-to-guess passwords.”
The Next Web speculated that a piece of software called iBrute may have been used. iBrute uses what is called a bruteforce attack to guess the password of an iCloud account by automatically trying millions of words until the right one is found. Unlike some other online services, iCloud lets users (or software like iBrute) guess a password an unlimited amount of times.