So this leak has caused quite a furore, normally I don’t pay attention to this stuff – but hey it’s JLaw and it’s a LOT of celebs at the same time – which indicates some kind of underlying problem. The massive list of over 100 celebs was posted originally on 4chan (of course) by an anonymous user who seems to have collected/bought the pictures using Bitcoin.
Some fingers are being pointed at iCloud and the security of it, as many of these pictures have been deleted and have been somehow rescued from the cloud. Some of the users are claiming they use Android though, but they might have synced the pictures to their Macbook and that was uploaded to iCloud.
Naked photos of celebrities including Jennifer Lawrence, Kate Upton and Ariana Grande have been published online by an anonymous hacker who reportedly obtained the explicit pics from the victims’ Apple iCloud accounts.
Nude photos of 17 celebrities have been published online. The anonymous hacker posting on grime-’n-gore board 4chan claimed to possess naked pics of more than 100 celebrities in total.
Lawrence’s publicist Bryna Rifkin confirmed the validity of the photos and condemned their publication.
“This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” Rifkin told Buzzfeed.
However a separate set of images included in the hacked celeb haul purporting to show singer Victoria Justice in various states of undress were called out as fake.
Justice published a photograph where her face was clearly taken from an earlier photo and plastered on the body of a naked woman.
Other photos appeared legitimate but were not yet confirmed by those affected.
There’s not a lot of details right now, but there is a whole lot of speculation about what’s going on (Google Drive, Dropbox, iCloud and more). This is why if you use an iPhone you should know what Photo Stream is (and how to disable it), or Dropbox Camera Upload, or Google Photo Sync.
I’m guessing there’s more to come as only a few of the pictures have been released so far. I’m not sure if Apple are even going to bother saying anything, as well even when there’s a fairly security flaw they tend to just keep quiet. iCloud security issue? Who cares man.
The identity of the unscrupulous hacker including any alias appeared to be unknown. They posted the images to the 4chan ‘/b/’ image board from where it was quickly circulated on social media sites including Reddit.
The assailant seems likely to face a well-resourced investigation by US authorities, who take a dim view of this sort of thing.
In June, Romanian hacker Marcel Lazar Lehel, a.k.a. Guccifer, was sentenced and faced seven years jail with three years served for hacking email accounts of former US President George Bush along with other US officials, celebrities and UK pollies.
And in 2011 Florida man Christopher Chaney was arrested after he hacked the email accounts of Scarlett Johansson and some 49 other celebrities and was sentenced to 10 years’ gaol.
The hacking serves as a timely reminder to ensure important passwords were not reused across websites or services and were not based on single words or common phrases.
There was an interesting proof of concept of an AppleID bruteforcing tool here – ibrute – which is fixed now, but it could have been used to pop these accounts. It authenticated against the Find My iPhone API which had no bruteforce protection implemented.
There’s even an entire subreddit about the leak here, which has been labelled ‘The Fappening’ – http://www.reddit.com/r/thefappening
Let’s see what more info (if any) comes out after this.
Source: The Register