Apple’s iCloud allegedly breached in celebrity photo theft

Apple’s iCloud allegedly breached in celebrity photo theft
During what is a long holiday weekend in the United States, an anonymous hacker claims to have successfully hacked Apple iCloud and its Photo Stream feature of nearly 100 celebrity accounts and place several photos on 4chan.

Celebrity photos are nothing new, and risqué photos of attractive female actresses is also not new, but was probably a large part of what made this a big story. What added to the headlines was the possibility that iCloud was breached.

As of the time of this writing, it is not known if iCloud was actually circumvented, but it probably played a role somehow. We looked through a Pastebin page with several thousand lines of EXIF data.  It does not conclusively point to one direction or the other because EXIF data is not necessarily indicative of anything. That said, a lot of binary information there appears to trend consistently.

Some security folks started picking at what data they had on hand about the pictures, and everything is a theory at the moment. On one hand, a particular tweet from Mary Winstead, star of Scott Pilgrim vs. The World points strongly to the idea that at least some photos resided on a server, not a device. She stated that the pictures of her were removed from her device “long ago.” With Photo Stream, the pictures remain on iCloud and on device back-ups even after they are deleted off the device.

On the other hand, it seems unlikely (albeit not inconceivable) that unauthorized access could get into Apple’s iCloud and pick through over 100 accounts. A few of the celebrities have confirmed (or denied then later confirmed) the authenticity of the pictures. A spokesman for Jennifer Lawrence, of Hunger Games fame, said they contacted the authorities and would prosecute anyone who posts the stolen images. Other celebrities affected by this wave of pictures include Vanessa Hudgens, Rihana, Kate Upton, and Hillary Duff

This could be a case of “social engineering” too, where someone grabs publicly available data about an individual and deducts password or security question insights through a bit of trial and error. Given the number of people involved however, that strikes us as unlikely. Finding the accounts not adequately protected is far more feasible (a lot of people use terrible passwords). Another plausible theory is that someone’s private “prized” collection of photos, kept on a single machine, was compromised.

As we watch the story unfold, there is the simple issue of what many are phrasing as an invasion of privacy. That is true, but the difference here is that “celebrity” exposure is treated differently than if these were pictures of one’s next door neighbor. Back in 2012, a man was sentenced to 10 years in prison for posting nude photos hacked from Scarlett Johansson's phone.

This will certainly be an evolving story as people try to establish a digital crumb trail and see where these images were found. Since Monday is the Labor Day holiday in the United States, it is possible we may not see any official statements from Apple until Tuesday at the earliest.

In the meantime, be good stewards of your digital self. Use strong passwords, secondary authentication, and simply do not put anything on the internet that you would be uncomfortable with the whole world knowing tomorrow.

sources: The Telegraph, Jonathan Zdziarski, @SwiftOnSecurity, Pastebin data



1. vandroid

Posts: 406; Member since: Sep 04, 2012

Were Jennifer Lawrence and Victoria part of the victim list?

3. LeBrownJames

Posts: 201; Member since: Mar 17, 2014

Yes they are.

9. AnTuTu

Posts: 1625; Member since: Oct 14, 2012

hmmmmm and I thought iOS is safe ;)

24. Vexify

Posts: 570; Member since: Jun 16, 2014

Most cloud services are not safe. People who know this before putting their tatas in the cloud lol. Especially when the hacker is ex-NSA.

28. JakeLee

Posts: 1021; Member since: Nov 02, 2013

And why do they have movie clips? iCloud doesn't upload movies. Maybe they hacked Google drive.

29. Sniggly

Posts: 7305; Member since: Dec 05, 2009

They definitely hacked iCloud, at least. Some of the celeb shots show them using iPhones to take the selfies in mirrors and such. Google Drive may have been hacked *too,* but the primary target was iCloud.

19. vincelongman

Posts: 5808; Member since: Feb 10, 2013

Funny thing is Victoria said that hers were fake, but people were able to match items from her leaks to her instagram

26. InspectorGadget80 unregistered

Who cares if a celebrity got their pics stolen. They are all TRASH.

31. Ninetysix

Posts: 2966; Member since: Oct 08, 2012

When did you come out?

2. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Not surprising at all. As it has been recently exposed, there basically is no security for iPhones due to all the backdoor APIs Apple put in. Now we see that iCloud is probably the same way. Feel sorry for the people who put their trust in Apple's security theater. Hopefully more people will learn that the NSA deemed iPhone security to be a complete farce and called iPhone users "iZombies", in part due to their blind trust in Apple. They didn't say these things because they were talking smack. They said these things because it is the truth.

4. Liveitup

Posts: 1798; Member since: Jan 07, 2014

I wonder if you will stick to your comment if and when the full details come out and Android devices or Google drive are also at fault. Its tech its not good when things like this takes place but #hit happens.

7. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

Because so many Android devices use iCloud? I think you've gotten confused again, FakeItUp. Seems like you got assigned to the same team as FakeLee. Are you now working with Fake on the "anti-Android/anti-Google" reputation management team? Remember, Uber is hiring people of your ilk. And you will get to change your title to "Brand Ambassador". It will be good for your CV.

8. Liveitup

Posts: 1798; Member since: Jan 07, 2014

It is alleged that it is iCloud however as time goes by more photos gets leaked and the picture becomes clearer, there could very well Googledrive, Onedrive etc whose security got undermined. I stated what i said earlier cause you are an ardent Android fan who is quick to bash others. As who Fakelee is i don't even know, if any thing i truthitup. If i was interested in bashing Google i would be someone on Android articles bashing them, that's is juvenile and reserved for haters like yourself to bash other platforms.

15. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Liveitup, when the hacker was boasting about doing what he did, he only mentioned hacking users' iCloud accounts to get these photos. If Microsoft or Google's cloud services were involved as well, he'd probably have mentioned them too.

25. Vexify

Posts: 570; Member since: Jun 16, 2014

He did. He mentioned Google Drive and MEGA. Do some research. Go visit 4chan.

30. JC557

Posts: 1926; Member since: Dec 07, 2011

And these people probably have the same user name and password for all those accounts making it trivial to get into.

27. nithyakr

Posts: 161; Member since: Jun 20, 2014

The photos were leaked on Google Drive as well. Go do your research. And in some of the photos, celebrities were taking selfies with Samsung Phones. So it's not only Apple's fault or Google's. But yes, Most of the photos were leaked on iCloud because obviously a lot of celebrities use iPhones than Android phones. So a lot of photos were on iCloud.

20. BobbyDigital

Posts: 2125; Member since: May 29, 2014

You know, I've noticed something about you. You blast others who troll WP articles and yet in almost every post, you manage to say something disparaging about Android and Google. Pot calling the kettle black, I see.

36. Scott93274

Posts: 6042; Member since: Aug 06, 2013

That's just how we roll here on Phone arena. :P

10. microsoftnokiawin

Posts: 1268; Member since: Mar 30, 2012

I don't remember the NSA speaking about any of this I mean share your opinion sure but don't start making crap up long the way you don't need crap to make your argument valid !

22. BobbyDigital

Posts: 2125; Member since: May 29, 2014

Here's the link about the NSA calling iPhone users zombies. -

34. microsoftnokiawin

Posts: 1268; Member since: Mar 30, 2012

thanks you :) !

13. power_x

Posts: 264; Member since: Aug 28, 2013

Or simply don't take nudes of yourself ? Much easier solution than all this hate on iCloud right ?

18. Zeeya

Posts: 331; Member since: Mar 17, 2013

Haha.... stupidest comment ever!

37. Scott93274

Posts: 6042; Member since: Aug 06, 2013

I think it's common sense not to take nudes of yourself especially if you're a high profile celebrity, but that doesn't change the fact that iCloud is marketed as a quality cloud storage service and then this happens. What if you were storing family photos with no backup and then the hacker deleted them all? What if you has personal financial information saved in there? Your personal data needs to be safeguarded properly regardless if you've taken nudes or not.

5. Tritinum

Posts: 471; Member since: May 06, 2014

Solution - stop taking naked pictures of yourself.

14. CannabisHighway

Posts: 18; Member since: Oct 07, 2013

True. People should go back to the Polaroid Instant-non digital photos if they want to do nudes or any freaky stuff.

6. xperiaDROID

Posts: 5629; Member since: Mar 08, 2013

Don't worry, BlackBerry welcomes you to join their adventurous secured journey, with just a few swipes. BlackBerry keeps you moving.

11. microsoftnokiawin

Posts: 1268; Member since: Mar 30, 2012

keeps you clothed :p

12. esperanza

Posts: 49; Member since: Mar 23, 2013

I'm a little bit shocked when I saw Jennifer Lawrence's bj photo but She looks pretty in even these kind of photos.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless