Tech

A Closer Look At iCloud Hack Used In Celebrity Photo Leak

Apple says the stolen celebrity photos obtained through iCloud were not the result of a bug. Instead, hackers used "very targeted" attacks.

A Closer Look At iCloud Hack Used In Celebrity Photo Leak
Getty Images / Justin Sullivan
SMS

After the theft and subsequent posting of hundreds of nude celebrity photos, Apple says it's investigating the situation. 

And that's because these photos were allegedly obtained by exploiting Apple's cloud-based storage service, iCloud.

Reports originally indicated the photos were snagged using a bug in Apple's service, but the company denied this in a press release, writing, "accounts were compromised by a very targeted attack on user names, passwords and security questions."

Apple appeared to be referring to a practice used by hackers in what Business Insider referred to as an iCloud Hacking Ring.

"Using specialist password-cracking tools and guessing targets' security questions through Apple's iForgot password reset form, ... hackers are consistently able to gain access to iCloud accounts with only an email address."

After they've gained access, hackers gather the accounts' photos using special data retrieval software. 

So it appears these leaks aren't really the result of any explicit flaws in Apple's code, despite early reports. Instead, the photos were obtained through social engineering — using human error to exploit systems for gain.

According to the Daily Mail, these celebrity photos were obtained over the course of several months and involved more than one individual. One user, however, seems to be the main source of the leaked images. Going by the name "OriginalGuy," the poster promised users he'd share more nude celebrity photos as soon as he moved to another location — reportedly to evade authorities. 

Apple in its press release shared a support article detailing how to improve security while using its services. The company recommends you "always use a strong password and enable two-step verification," a tool that requires users to enter a code sent to a separate, trusted device like your iPhone before you can make changes to your account. (Video via Apple)

One security consultant told the BBC, leaks like these can have a devastating impact on those individuals who've had their information stolen. 

OLIVER CROFTON TO BBC: "We're talking about photographs that are very intimate and very private ... that's going to have a massive impact, a psychological impact, on the people that are involved."

This video includes images from Getty Images.