In recent days, intimate photographs and videos of more than 100 celebrities (including Jennifer Lawrence, Kate Upton, and Kirsten Dunst) were leaked onto the Internet. Supposedly, all of the people affected were iPhone and iCloud users – this has not been 100% confirmed.
Apple are saying it was just a good old fashioned phishing attack:
Apple has clarified that the yet-to-be-identified hacker or hackers who recently leaked nude photographs of celebrities such as Kirsten Dunst, Kate Upton, Jennifer Lawrence, did not breach any of its servers or systems.
Dozens of personal photos featuring nude celebrities were leaked online last weekend, with many reports subsequently asserting that Apple was to blame for the invasion of privacy. More specifically, it was widely thought that at least one hacker was able to violate the privacy of celebrities by exploiting a security flaw in Apple’s iCloud platform or Apple’s Find My iPhone service.
Speculation suggests that a hacker may have taken advantage of an iCloud gitch or even a Photo Stream failure in order to steal nude photos of mostly female celebrities – such as Jennifer Lawrence, Rihanna, Ariana Grande, Kate Upton, Kaley Cuoco, and many others – and post them on the online message board 4chan and Reddit. Apple however has denied those claims, after conducting roughly 40 hours of investigation.
“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source,” Apple announced in a statement released on 2 September. “Our customers’ privacy and security are of utmost importance to us.”
The company continued, “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.”
Apple said it would continue to work with law enforcement agencies to help identify the criminals involved, and it recommended people visit its support pages for more information on how to setup a strong password as well as two-step verification.
Moral of the story is don’t put any sensitive information or files on the internet. Period. But if you must do so then at least use strong passwords and 2 step verification.