Massive Celeb Leak Brings iCloud Security Into Question



So this leak has caused quite a furore, normally I don’t pay attention to this stuff – but hey it’s JLaw and it’s a LOT of celebs at the same time – which indicates some kind of underlying problem. The massive list of over 100 celebs was posted originally on 4chan (of course) by an anonymous user who seems to have collected/bought the pictures using Bitcoin.

Celebrity Nudes on 4Chan

Some fingers are being pointed at iCloud and its security, as many of these pictures had been deleted and have somehow been recovered from the cloud. Some of the victims claim they use Android, though they might have synced the pictures to their MacBook, from where they were uploaded to iCloud.

Naked photos of celebrities including Jennifer Lawrence, Kate Upton and Ariana Grande have been published online by an anonymous hacker who reportedly obtained the explicit pics from the victims’ Apple iCloud accounts.

Nude photos of 17 celebrities have been published online. The anonymous hacker posting on grime-‘n-gore board 4chan claimed to possess naked pics of more than 100 celebrities in total.

Lawrence’s publicist Bryna Rifkin confirmed the validity of the photos and condemned their publication.

“This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” Rifkin told Buzzfeed.

However, a separate set of images included in the hacked celeb haul purporting to show singer Victoria Justice in various states of undress were called out as fake.

Justice published a photograph where her face was clearly taken from an earlier photo and plastered on the body of a naked woman.

Other photos appeared legitimate but were not yet confirmed by those affected.


There aren’t a lot of details right now, but there is a whole lot of speculation about what’s going on (Google Drive, Dropbox, iCloud and more). This is why, if you use an iPhone, you should know what Photo Stream is (and how to disable it), and likewise Dropbox Camera Upload or Google Photo Sync.

I’m guessing there’s more to come as only a few of the pictures have been released so far. I’m not sure if Apple are even going to bother saying anything, as even when there’s a security flaw they tend to just keep quiet. iCloud security issue? Who cares man.

The identity of the unscrupulous hacker, including any alias, appeared to be unknown. They posted the images to the 4chan ‘/b/’ image board, from where they were quickly circulated on social media sites including Reddit.

The assailant seems likely to face a well-resourced investigation by US authorities, who take a dim view of this sort of thing.

In June, Romanian hacker Marcel Lazar Lehel, a.k.a. Guccifer, was sentenced and faced seven years jail with three years served for hacking email accounts of former US President George Bush along with other US officials, celebrities and UK pollies.

And in 2011 Florida man Christopher Chaney was arrested after he hacked the email accounts of Scarlett Johansson and some 49 other celebrities and was sentenced to 10 years’ gaol.

The hacking serves as a timely reminder to ensure important passwords were not reused across websites or services and were not based on single words or common phrases.

There was an interesting proof of concept of an Apple ID brute-forcing tool here – ibrute – which is fixed now, but it could have been used to pop these accounts. It authenticated against the Find My iPhone API, which had no brute-force protection implemented.
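The weakness described above is the absence of any attempt limit on an authentication endpoint. As an added illustration, not code from ibrute or from Apple, here is a minimal login handler in both forms: the unprotected variant accepts guesses indefinitely, the hardened variant keeps a per-account window of recent failures and locks the account once the threshold is hit. The account name, password and thresholds are constructed for the demo.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed credential store for the demo (real systems store password hashes).
ACCOUNTS = {"alice@example.com": "correct-horse-battery"}

MAX_FAILURES = 5        # failed attempts tolerated per account ...
WINDOW_SECONDS = 900    # ... within this sliding window ...
LOCKOUT_SECONDS = 1800  # ... before the account is locked for this long


class Authenticator:
    def __init__(self, protected=True, clock=time.monotonic):
        self.protected = protected        # False reproduces the unprotected endpoint
        self.clock = clock                # injectable so the lockout expiry can be tested
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures
        self.locked_until = {}            # account -> time the lockout ends

    def login(self, account, password):
        now = self.clock()
        recent = self.failures[account]
        if self.protected:
            if self.locked_until.get(account, 0.0) > now:
                return "locked"           # refused without even checking the password
            while recent and now - recent[0] > WINDOW_SECONDS:
                recent.popleft()          # forget failures outside the window
        # Constant-time comparison; a missing account compares against "".
        ok = hmac.compare_digest(ACCOUNTS.get(account, ""), password)
        if ok:
            self.failures.pop(account, None)
            return "ok"
        if self.protected:
            recent.append(now)
            if len(recent) >= MAX_FAILURES:
                self.locked_until[account] = now + LOCKOUT_SECONDS
                recent.clear()
                return "locked"
        return "bad_password"             # unprotected: this repeats forever


def simulate(protected, attempts):
    """Run a constructed sequence of guesses against a frozen clock, return results."""
    auth = Authenticator(protected, clock=lambda: 0.0)
    return [auth.login("alice@example.com", p) for p in attempts]
```

With the guard in place the correct password is refused once the account is locked, which is exactly the behaviour that stops an unattended guessing loop.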

There’s even an entire subreddit about the leak here, which has been labelled ‘The Fappening’ – http://www.reddit.com/r/thefappening

Let’s see what more info (if any) comes out after this.

Source: The Register

Posted in: Apple, Privacy



One Response to Massive Celeb Leak Brings iCloud Security Into Question

  1. Sid, September 3, 2014 at 3:20 am

    Interesting. Especially the part where they named the subreddit – “The Fappening”!