Apple Says It Is “Actively Investigating” Celeb Photo Hack

Title: Apple Investigates Breach of Privacy in Celebrity iCloud Photo Hack

Updated Content:

In a statement released on Monday, technology giant Apple announced that it was “thoroughly investigating” an alarming infraction of several iCloud accounts. This invasive incident involved unauthorized individuals illegally gaining access to and propagating revealing photos and videos featuring well-known celebrities across the virtual hemisphere.

“We value user privacy immensely and are rigorously investigating this report,” stated Apple’s spokesperson, Natalie Kerris, emphasizing Apple’s commitment to resolve this unsettling issue.

The illicit photos, consisting of genuine images and alleged alterations, reportedly originated from the iCloud accounts of several high-profile personalities, including Oscar-winning actress Jennifer Lawrence. The images were unveiled on the internet-based image sharing community, 4Chan, from where they promptly circulated across the digital landscape, emerging on popular social media platforms such as Twitter, Reddit, and similar others.

[picture of Jennifer Lawrence]

Security analysts theorize that employing ‘two-factor authentication’ on their accounts could have averted the digital invasion. However, Apple has not yet shared a definitive account of how the attacks were brought about. Security specialists from FireEye, a leading cybersecurity firm, reviewed the evidence surfaced to this point. The insights suggest that the attack mechanism is relatively straightforward, and could have been prevented if stringent security measures were employed on the targeted accounts.

This extra layer of security – two-factor authentication – is labeled by Apple as ‘two-step verification.’ Yet, critics like Darien Kindlund, Director of Threat Research at FireEye, argue that Apple has not sufficiently promoted this protective measure. “Apple was slow to offer this type of protection and has not marketed it well. You need to delve deep into the support articles to discover it,” he added.

Once activated, two-step verification necessitates the user to input a numeric code dispatched to their mobile or another apparatus, in conjunction with their routine password. As the number continuously evolves, it allows fortifying the account security significantly, as it becomes difficult for attackers to infiltrate the account even if they possess the password.

In case the compromised accounts lacked the active two-step verification, access to the accounts for the intruder would have been relatively straightforward.

According to a report by The Next Web, the attack appears to be connected to a software known as iBrute available on Github. This software is capable of executing automated brute-force attacks on iCloud accounts, guessing passwords repeatedly until the correct one is identified. While this method could be monotonous for a human, it is a facile and expedient task for a machine.

[picture of Github login with iBrute]

Complicating matters, the anonymous assailant benefited from a critical flaw in Apple’s system: the allowance of an limitless number of password attempts. Typically, systems cap the number of incorrect password attempts to protect against unauthorized access. However, Apple has since rectified this specific vulnerability.

[picture of Apple logo]

While there’s no solid evidence linking the iBrute program directly to the breaches, the timing of the incident coincides with a presentation given by security experts regarding iCloud security, prompting speculation.

The iBrute program, designed by Russian security researchers as a proof of concept, was showcased at a security conference held in St. Petersburg earlier in the month.

Regrettably, this is not the first time such an invasion has occurred, and it is unlikely to be the last. As far back as 2005, pictures and text messages from Paris Hilton’s smartphone were filched from her cloud storage account. The culprits behind that incident, a group of young men, faced charges for their actions which included attacking the database giant, LexisNexis.

[source: Arik Hesseldahl/Recode]

[iCloud logo]

This article serves to reiterate the constant battle to protect privacy in the increasingly interconnected digital world. Stay vigilant with your digital footprint and always prioritize your online security.

[external link to: iCloud security features and privacy tips]

_This article was updated in 2025 to reflect modern realities._

[UPDATED_TB_2025]