For a full update on this story, please click here.
iCloud’s “Find my iPhone” function is flawed. It’s designed to help Apple customers find missing iOS devices, not to help Internet ooglers feast on private nude pics of celebs.
Yet that’s just what a rash of hacks of the popular Apple cloud service feature led to over the weekend -- a massive leak of real and fake naked images of famous leading ladies, models and singers. The photos were originally posted on the image sharing site 4Chan, then hemorrhaged out to Twitter, Reddit and just about everywhere else on the interwebs from there.
Celebs whose intimate pictures (and, in some cases, videos) were laid bare in the reported iCloud attack include Oscar-winner Jennifer Lawrence, Grammy Award-winning singer-rapper Rihanna, supermodel Kate Upton, actor-director Kirsten Dunst, possibly up to 100 famous American and British female personalities in all.
To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.— Mary E. Winstead (@M_E_Winstead) August 31, 2014
Apple is apparently taking the revealing breach seriously, saying in a statement yesterday that it is “actively investigating” the alleged attacks, which Lawrence’s spokespeople call “a flagrant violation of privacy.”
“We take user privacy very seriously and are actively investigating this report,” Natalie Kerris, a spokesperson for the Cupertino, Calif.-based tech giant said, reports The Wall Street Journal. No other details on Apple’s ongoing investigation were provided.
The FBI is also probing the incident. “The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter,” the agency said in a statement to The Hollywood Reporter. “Any further comment would be inappropriate at this time."
Thank you iCloud??— Kirsten Dunst (@kirstendunst) September 1, 2014
Exactly how the attacks were perpetrated isn’t yet clear. However, according to The Next Web, the hacks could be connected to the use of a brute force script, fittingly called “iBrute,” that recently made the rounds on GitHub.
The malicious software enables cyberattackers to guess iCloud passwords over and over, without being locked out or notifying iCloud account owners after incorrect passwords have been entered numerous times. After the password is correctly reckoned, the hacker has free reign over everything stored in iCloud, including users’ password lists, photos, videos, email, contacts, calendar appointments and reminders, documents and more. Pretty scary, right?
The leaks sparked an uproar on the Internet after the stolen celeb snapshots surfaced Sunday, fueling fears that all iCloud accounts are vulnerable.
The silver lining here, if there is one, is that this whole scandalous mess likely might have been avoided had the victims turned on a single protective AppleID feature called “two-step verification,” security pros from FireEye told re/code. (At the moment, it's unclear whether any of these celebrities had the feature enabled.) Oh, and how about never snapping pics of yourself in the buff with your iPhone in the first place, especially if you’re famous?
Other steps you can take to protect your iCloud account -- and hopefully everything in it -- include:
1. Disable iCloud on your iPhone, iPad and/or Mac computer. Here’s how.
2. Delete photos you don’t want ever seeing the light of day from your iPhone’s Photo Stream. You know, those ones, not that you’d have any anyway. Remember, just because you delete a photo from your iPhone doesn’t mean it’s deleted from your Photo Stream. Or, better yet, turn off your Photo Stream altogether.Do You Really Need to Change Your Passwords Every Three Months?