Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Apple, FBI Investigate Massive Celebrity Photo ‘Hack’

LOS ANGELES – The FBI and Apple were urgently investigating Monday after an apparent massive hack of a cloud data service unleashed a torrent of intimate pictures of dozens of celebrities across the Internet.

LOS ANGELES – The FBI and Apple were urgently investigating Monday after an apparent massive hack of a cloud data service unleashed a torrent of intimate pictures of dozens of celebrities across the Internet.

Anonymous posters to online message boards boasted of having nude images of scores of female stars including Oscar-winner Jennifer Lawrence and top model Kate Upton.

Reports suggested hackers had “ripped” private images from Apple’s iCloud online data storage, a potentially embarrassing — and damaging — breach for the California tech giant.

“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris, the Re/code website reported.

The FBI has also joined the hunt, other US reports said.

“The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter,” The Los Angeles Times quoted Laura Eimiller, spokeswoman for the FBI in Los Angeles, as saying.

“Any further comment would be inappropriate at this time,” she added.

Some of the pictures had previously been circulated on message forums, and others appeared fake, but some major stars expressed outrage and threatened legal action.

Advertisement. Scroll to continue reading.

“This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” Lawrence’s agent told entertainment media.

Upton’s lawyer, Lawrence Shore, told Us Magazine: “We intend to pursue anyone disseminating or duplicating these images to the fullest extent possible.”

By late Sunday, Twitter had begun suspending accounts that linked to the Lawrence photos, tech news site Mashable reported.

Among the scores of celebrities whose pictures were allegedly stolen were singer Avril Lavigne, actress Hayden Panettiere and United States soccer star Hope Solo.

Former Nickelodeon star and singer Victoria Justice said the images claiming to show her nude were anything but the real deal.

“These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended*” she tweeted.

A spokesperson for actress and pop star Ariana Grande told BuzzFeed that images said to be of her are “completely fake.”

‘Creepy effort’

But horror movie actress Mary Elizabeth Winstead confirmed that some of her private pictures were in circulation and condemned those who stole them and who circulated them.

“To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves,” she tweeted.

“Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.”

The scale of the breach became apparent on Sunday when users of the 4chan message board, a diverse online community that has been criticized in the past for misogyny, began sharing pictures.

Some more mainstream news and entertainment sites took up the story — and some linked to the images before taking them down amid legal threats and public outrage.

According to a report on news and gossip site Gawker, users of a AnonIB — an anonymous photo-sharing platform — have been boasting of a hack since last week.

Some users, hiding behind pseudonyms, made an apparent attempt to sell the pictures or to trade them with fellow hackers for others.

Security hole?

Tech news site The Next Web reported what it said was evidence that hackers had found a weakness in Apple’s “Find my iPhone” service, an app that tracks lost or stolen handsets.

Apple has patched the alleged hole, the report said, but not before news of it spread in the hacker community, perhaps allowing unscrupulous strangers to access private online data.

But other reports suggested that the pictures could have been collated from multiple sources, perhaps not including iCloud at all, and may have been gathered over several years.

News site Deadspin said it had been contacted in early August by a source claiming he had been offered the pictures for sale.

The scale of the hack, and the targeting of women in the public eye, quickly revived the debate on social media about privacy concerns and about misogyny on the Internet.

The scandal also posed a public relations challenge to tech companies, who have been marketing online storage like iCloud, DropBox or GoogleDrive as a safe haven for users’ private data.

Several popular tech blogs marked the story by providing advice on storing private data safely, by using advanced encryption and two-step password identification or by keeping it offline.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.