Apple’s iCloud allegedly breached in celebrity photo theft
Celebrity photos are nothing new, and risqué photos of attractive female actresses is also not new, but was probably a large part of what made this a big story. What added to the headlines was the possibility that iCloud was breached.
As of the time of this writing, it is not known if iCloud was actually circumvented, but it probably played a role somehow. We looked through a Pastebin page with several thousand lines of EXIF data. It does not conclusively point to one direction or the other because EXIF data is not necessarily indicative of anything. That said, a lot of binary information there appears to trend consistently.
Some security folks started picking at what data they had on hand about the pictures, and everything is a theory at the moment. On one hand, a particular tweet from Mary Winstead, star of Scott Pilgrim vs. The World points strongly to the idea that at least some photos resided on a server, not a device. She stated that the pictures of her were removed from her device “long ago.” With Photo Stream, the pictures remain on iCloud and on device back-ups even after they are deleted off the device.
On the other hand, it seems unlikely (albeit not inconceivable) that unauthorized access could get into Apple’s iCloud and pick through over 100 accounts. A few of the celebrities have confirmed (or denied then later confirmed) the authenticity of the pictures. A spokesman for Jennifer Lawrence, of Hunger Games fame, said they contacted the authorities and would prosecute anyone who posts the stolen images. Other celebrities affected by this wave of pictures include Vanessa Hudgens, Rihana, Kate Upton, and Hillary Duff
not adequately protected is far more feasible (a lot of people use terrible passwords). Another plausible theory is that someone’s private “prized” collection of photos, kept on a single machine, was compromised.
As we watch the story unfold, there is the simple issue of what many are phrasing as an invasion of privacy. That is true, but the difference here is that “celebrity” exposure is treated differently than if these were pictures of one’s next door neighbor. Back in 2012, a man was sentenced to 10 years in prison for posting nude photos hacked from Scarlett Johansson's phone.
This will certainly be an evolving story as people try to establish a digital crumb trail and see where these images were found. Since Monday is the Labor Day holiday in the United States, it is possible we may not see any official statements from Apple until Tuesday at the earliest.
In the meantime, be good stewards of your digital self. Use strong passwords, secondary authentication, and simply do not put anything on the internet that you would be uncomfortable with the whole world knowing tomorrow.
sources: The Telegraph, Jonathan Zdziarski, @SwiftOnSecurity, Pastebin data
1. vandroid (Posts: 260; Member since: 04 Sep 2012)
Were Jennifer Lawrence and Victoria part of the victim list?
24. Vexify (Posts: 500; Member since: 16 Jun 2014)
Most cloud services are not safe. People who know this before putting their tatas in the cloud lol. Especially when the hacker is ex-NSA.
28. JakeLee (Posts: 958; Member since: 02 Nov 2013)
And why do they have movie clips? iCloud doesn't upload movies.
Maybe they hacked Google drive.
29. Sniggly (Posts: 6920; Member since: 05 Dec 2009)
They definitely hacked iCloud, at least. Some of the celeb shots show them using iPhones to take the selfies in mirrors and such. Google Drive may have been hacked *too,* but the primary target was iCloud.
19. vincelongman (Posts: 1132; Member since: 10 Feb 2013)
Funny thing is Victoria said that hers were fake, but people were able to match items from her leaks to her instagram
26. InspectorGadget80 (Posts: 6375; Member since: 26 Mar 2011)
Who cares if a celebrity got their pics stolen. They are all TRASH.
2. 0xFFFF (Posts: 2951; Member since: 16 Apr 2014)
Not surprising at all. As it has been recently exposed, there basically is no security for iPhones due to all the backdoor APIs Apple put in. Now we see that iCloud is probably the same way.
Feel sorry for the people who put their trust in Apple's security theater.
Hopefully more people will learn that the NSA deemed iPhone security to be a complete farce and called iPhone users "iZombies", in part due to their blind trust in Apple. They didn't say these things because they were talking smack. They said these things because it is the truth.
4. Liveitup (Posts: 1174; Member since: 07 Jan 2014)
I wonder if you will stick to your comment if and when the full details come out and Android devices or Google drive are also at fault.
Its tech its not good when things like this takes place but #hit happens.
7. 0xFFFF (Posts: 2951; Member since: 16 Apr 2014)
Because so many Android devices use iCloud? I think you've gotten confused again, FakeItUp.
Seems like you got assigned to the same team as FakeLee. Are you now working with Fake on the "anti-Android/anti-Google" reputation management team? Remember, Uber is hiring people of your ilk. And you will get to change your title to "Brand Ambassador". It will be good for your CV.
8. Liveitup (Posts: 1174; Member since: 07 Jan 2014)
It is alleged that it is iCloud however as time goes by more photos gets leaked and the picture becomes clearer, there could very well Googledrive, Onedrive etc whose security got undermined. I stated what i said earlier cause you are an ardent Android fan who is quick to bash others.
As who Fakelee is i don't even know, if any thing i truthitup.
If i was interested in bashing Google i would be someone on Android articles bashing them, that's is juvenile and reserved for haters like yourself to bash other platforms.
15. Sniggly (Posts: 6920; Member since: 05 Dec 2009)
Liveitup, when the hacker was boasting about doing what he did, he only mentioned hacking users' iCloud accounts to get these photos. If Microsoft or Google's cloud services were involved as well, he'd probably have mentioned them too.
25. Vexify (Posts: 500; Member since: 16 Jun 2014)
He did. He mentioned Google Drive and MEGA. Do some research. Go visit 4chan.
30. JC557 (Posts: 1032; Member since: 07 Dec 2011)
And these people probably have the same user name and password for all those accounts making it trivial to get into.
27. nithyakr (Posts: 67; Member since: 20 Jun 2014)
The photos were leaked on Google Drive as well. Go do your research.
And in some of the photos, celebrities were taking selfies with Samsung Phones.
So it's not only Apple's fault or Google's.
But yes, Most of the photos were leaked on iCloud because obviously a lot of celebrities use iPhones than Android phones.
So a lot of photos were on iCloud.
20. BobbyDigital (Posts: 220; Member since: 29 May 2014)
You know, I've noticed something about you. You blast others who troll WP articles and yet in almost every post, you manage to say something disparaging about Android and Google. Pot calling the kettle black, I see.
36. Scott93274 (Posts: 831; Member since: 06 Aug 2013)
That's just how we roll here on Phone arena. :P
10. microsoftnokiawin (Posts: 962; Member since: 30 Mar 2012)
I don't remember the NSA speaking about any of this I mean share your opinion sure but don't start making crap up long the way you don't need crap to make your argument valid !
22. BobbyDigital (Posts: 220; Member since: 29 May 2014)
Here's the link about the NSA calling iPhone users zombies. -http://m.huffpost.com/us/entry
13. power_x (Posts: 222; Member since: 28 Aug 2013)
Or simply don't take nudes of yourself ? Much easier solution than all this hate on iCloud right ?
37. Scott93274 (Posts: 831; Member since: 06 Aug 2013)
I think it's common sense not to take nudes of yourself especially if you're a high profile celebrity, but that doesn't change the fact that iCloud is marketed as a quality cloud storage service and then this happens. What if you were storing family photos with no backup and then the hacker deleted them all? What if you has personal financial information saved in there? Your personal data needs to be safeguarded properly regardless if you've taken nudes or not.
5. Tritinum (Posts: 83; Member since: 06 May 2014)
Solution - stop taking naked pictures of yourself.
14. CannabisHighway (Posts: 17; Member since: 07 Oct 2013)
True. People should go back to the Polaroid Instant-non digital photos if they want to do nudes or any freaky stuff.
6. xperiaDROID (limited) (Posts: 5399; Member since: 08 Mar 2013)
Don't worry, BlackBerry welcomes you to join their adventurous secured journey, with just a few swipes.
BlackBerry keeps you moving.
12. esperanza (Posts: 44; Member since: 23 Mar 2013)
I'm a little bit shocked when I saw Jennifer Lawrence's bj photo but She looks pretty in even these kind of photos.
33. clarkjeferson (Posts: 51; Member since: 22 Dec 2013)
The photo was a lie, I've been to the forums and I can say that it's a lie.
16. Sniggly (Posts: 6920; Member since: 05 Dec 2009)
First I'm going to say that anyone who blames the celebs themselves for having sex lives and nude photos of themselves is a blithering di.ckwaffle who clearly doesn't respect privacy rights nor do they respect the concept of consent to release photos like these.
Second I'm going to say that with a leak this big, Apple is potentially in huge trouble. It could well be the class action lawsuit of the century if it's shown that multiple iCloud accounts were hacked in order to get these pictures.
21. remixfa (Posts: 13903; Member since: 19 Dec 2008)
If this is found to be strickly an iCloud hack, its going to be a massive shyeet storm for Apple... and right before their next big unveil. The timing couldn't be worse for them.
If it is an iCloud hack and they are not forced to redirect their yearly show to have a focus on new security, I'd be amazed.
That said, remember folks, none of your data on ANY of your devices is ever 100% secure.
17. meanestgenius (Posts: 1093; Member since: 28 May 2014)
Time for those celebs and others to get a BlackBerry, IMO. ;)
Perhaps Apple should look to hire John Chen and Co. as security experts, to help Apple shore up all of these breaches and hacks that have been happening to them, especially as of late.
And I agree with Sniggly, anyone who is blaming these celebs for having a sex life in their private lives is a complete iD*ot.
38. Scott93274 (Posts: 831; Member since: 06 Aug 2013)
Well, you know I'm not big on Blackberry, but I do have to give credit when credit's due. The Apple flock is always bragging about how secure iOS is compared to Android. Reality really knows how to smack ignorant people in the face really hard in times like these. If Blackberry plays its cards right, it can maybe reclaim some market from Apple after this fiasco.
41. meanestgenius (Posts: 1093; Member since: 28 May 2014)
You're not big on anything except Android...and that's your choice and I respect it. I'm not big on Android or iOS....and I hope others respect my choice in that as I never troll other OS's.
32. clarkjeferson (Posts: 51; Member since: 22 Dec 2013)
Anyway, let this be a lesson to celebrities everywhere, get a blackberry, not even a hacker would touch that.
35. meanestgenius (Posts: 1093; Member since: 28 May 2014)
More like a hacker CAN'T touch a BlackBerry.
39. Scott93274 (Posts: 831; Member since: 06 Aug 2013)
Famous last words. Nothing is unhackable. iCloud on the other had just left the back door wide open and got screwed as a result.
40. meanestgenius (Posts: 1093; Member since: 28 May 2014)
BlackBerry 10 has yet to be hacked. BlackBerry always uses the most stringent security measures and is constantly updating them and adding more measures of security. It is indeed the most secure mobile OS in the industry.