Security Experts:

Apple, FBI Investigate Massive Celebrity Photo 'Hack'

LOS ANGELES - The FBI and Apple were urgently investigating Monday after an apparent massive hack of a cloud data service unleashed a torrent of intimate pictures of dozens of celebrities across the Internet.

Anonymous posters to online message boards boasted of having nude images of scores of female stars including Oscar-winner Jennifer Lawrence and top model Kate Upton.

Reports suggested hackers had "ripped" private images from Apple's iCloud online data storage, a potentially embarrassing -- and damaging -- breach for the California tech giant.

"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris, the Re/code website reported.

The FBI has also joined the hunt, other US reports said.

"The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter," The Los Angeles Times quoted Laura Eimiller, spokeswoman for the FBI in Los Angeles, as saying.

"Any further comment would be inappropriate at this time," she added.

Some of the pictures had previously been circulated on message forums, and others appeared fake, but some major stars expressed outrage and threatened legal action.

"This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence," Lawrence's agent told entertainment media.

Upton's lawyer, Lawrence Shore, told Us Magazine: "We intend to pursue anyone disseminating or duplicating these images to the fullest extent possible."

By late Sunday, Twitter had begun suspending accounts that linked to the Lawrence photos, tech news site Mashable reported.

Among the scores of celebrities whose pictures were allegedly stolen were singer Avril Lavigne, actress Hayden Panettiere and United States soccer star Hope Solo.

Former Nickelodeon star and singer Victoria Justice said the images claiming to show her nude were anything but the real deal.

"These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended*" she tweeted.

A spokesperson for actress and pop star Ariana Grande told BuzzFeed that images said to be of her are "completely fake."

'Creepy effort'

But horror movie actress Mary Elizabeth Winstead confirmed that some of her private pictures were in circulation and condemned those who stole them and who circulated them.

"To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves," she tweeted.

"Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked."

The scale of the breach became apparent on Sunday when users of the 4chan message board, a diverse online community that has been criticized in the past for misogyny, began sharing pictures.

Some more mainstream news and entertainment sites took up the story -- and some linked to the images before taking them down amid legal threats and public outrage.

According to a report on news and gossip site Gawker, users of a AnonIB -- an anonymous photo-sharing platform -- have been boasting of a hack since last week.

Some users, hiding behind pseudonyms, made an apparent attempt to sell the pictures or to trade them with fellow hackers for others.

Security hole?

Tech news site The Next Web reported what it said was evidence that hackers had found a weakness in Apple's "Find my iPhone" service, an app that tracks lost or stolen handsets.

Apple has patched the alleged hole, the report said, but not before news of it spread in the hacker community, perhaps allowing unscrupulous strangers to access private online data.

But other reports suggested that the pictures could have been collated from multiple sources, perhaps not including iCloud at all, and may have been gathered over several years.

News site Deadspin said it had been contacted in early August by a source claiming he had been offered the pictures for sale.

The scale of the hack, and the targeting of women in the public eye, quickly revived the debate on social media about privacy concerns and about misogyny on the Internet.

The scandal also posed a public relations challenge to tech companies, who have been marketing online storage like iCloud, DropBox or GoogleDrive as a safe haven for users' private data.

Several popular tech blogs marked the story by providing advice on storing private data safely, by using advanced encryption and two-step password identification or by keeping it offline.

Subscribe to the SecurityWeek Email Briefing
view counter
view counter