New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

icloud_icon_blueApple is investigating an alleged breach of several celebrity iCloud accounts that may have allowed hackers to access the private photos and videos of multiple well-known actresses, according to a statement an Apple spokesperson gave to Re/code.
Apple said it was "actively investigating" the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.

"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.
Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.

Security researchers have postulated that weak passwords and a lack of two-factor authentication may have led to the breach if iCloud is the source of the leaked images, and it's also possible that a Python script shared on Github a few days ago may have allowed hackers to exploit a vulnerability in Find My iPhone.

As described by The Next Web, the tool allowed hackers to repeatedly guess passwords without being locked out of an iCloud/Apple ID account, brute forcing their way into accounts. Though it is unclear if the tool was responsible for any hacked celebrity accounts, Apple did fix the vulnerability earlier today. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

Multiple security researchers have suggested that any iCloud attacks may have been preventable with two-factor authentication, which Apple first introduced in March of 2013. The two-step verification system adds an additional layer of protection for Apple accounts, requiring both a security code and a "trusted" device to log into an account, in addition to a password.

Top Rated Comments

(View all)

9 weeks ago
Earlier today in Cupertino:

Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil – Talk bad about Android fragmentation as we always do!

Tim – You’re right! Android distribution numbers are always a classless punchline during our keynotes.

Phil – Lets have Craig do it. We can throw in a joke about his hair.

Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.
Rating: 58 Votes
9 weeks ago
I love some people were so mad about the NSA violating privacy, but are praising some random guy who pretty much did exactly what the NSA does.

Anyway, I feel bad for the celebs, but typical 4chan.
Rating: 34 Votes
9 weeks ago

That's a pretty big vulnerability they left open. I wonder if Apple will now force people to use 2 step authentication. As annoying as it is, it works.


I'm uncomfortable with dancing to login.
Rating: 25 Votes
9 weeks ago
The internet is referring to the incident as "The Fappening". Be sure to tell your grandkids.. You were there.
Rating: 23 Votes
9 weeks ago

Earlier today in Cupertino:

Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil – Talk bad about Android fragmentation as we always do!

Tim – You’re right! Android distributions numbers are always a classless punchline during our keynotes.

Phil – Lets have Craig do it. We can throw in a joke about his hair.

Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.


Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.


I think you just want to criticize Apple and/or Macrumors. Kind of a waste of time if you ask me, but hey don't let me tell you what to do.
Rating: 21 Votes
9 weeks ago

It's still not clear if iCloud was the only source, but it certainly looks like at least a portion of the photos were obtained that way.

Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.

I don't get why people are defending Apple on this one. You sound like you work for Apple's PR. At this point it is absolutely obvious that it's Apple's fault. They left their platform wide open for attacks like that.
Rating: 21 Votes
9 weeks ago
***READ****

This is not an iCloud hack, breach, or brute. This story has been spun to (my guess) take away from the big event September 9th.

There isn't a single leak or a single hacker. These images originate from a small celebrity nude ring on the darknet. They typically require people to "buy-in" with an original image.

Considering that celebrities almost all use an iPhone, putting iCloud hack in the headline is sure to grab attention and make some people actually believe it.
Rating: 20 Votes
9 weeks ago
Talk about a PR nightmare...
Rating: 19 Votes
9 weeks ago
Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.
Rating: 19 Votes
9 weeks ago
Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.
Rating: 18 Votes

[ Read All Comments ]