Apple's annual developer conference in San Francisco.
Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts
Apple said it was "actively investigating" the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.
"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.
Security researchers have postulated that weak passwords and a lack of two-factor authentication may have led to the breach if iCloud is the source of the leaked images, and it's also possible that a Python script shared on Github a few days ago may have allowed hackers to exploit a vulnerability in Find My iPhone.
As described by The Next Web, the tool allowed hackers to repeatedly guess passwords without being locked out of an iCloud/Apple ID account, brute forcing their way into accounts. Though it is unclear if the tool was responsible for any hacked celebrity accounts, Apple did fix the vulnerability earlier today. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.
Multiple security researchers have suggested that any iCloud attacks may have been preventable with two-factor authentication, which Apple first introduced in March of 2013. The two-step verification system adds an additional layer of protection for Apple accounts, requiring both a security code and a "trusted" device to log into an account, in addition to a password.