Nude celebrity photo leak investigated by FBI and Apple

The FBI and Apple have opened an investigation into how nude photographs were intercepted and leaked from the private accounts of scores of female celebrities.

A number of the hacked stars have confirmed the authenticity of the images, including the actress Jennifer Lawrence, best known for her role in the Hunger Games films, and Mary Elizabeth Winstead, who starred in popular horror films such as Final Destination 3.

Apple initially declined to comment on reports that the photos came from celebrities' iCloud accounts, but last night company spokeswoman Nat Kerris told Reuters: "We take user privacy very seriously and are actively investigating this report."

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

An FBI spokesman said that it was "aware of the allegations" and "addressing the matter", the Associated Press reports.

Online security experts have raised questions over the safety of "cloud" storage sites.

"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," Ken Westin, security analyst at Tripwire told the BBC. "Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest.

"If you can view the image in the cloud service, so can a hacker," Westin said.

One anonymous user of the porn website AnonIB claimed responsibility for coordinating a group of hackers to steal the celebrities' private pictures, the Daily Mail reports. The user said he or she would be moving to a new location and would then post more photos.

"Guys, just to let you know I didn't do this by myself," the user wrote. "There are several other people who were in on it and I needed to count on to make this happened [sic]. This is the result of several months of long and hard work by all involved. We appreciate your donations and applaud your excitement.

"I will soon be moving to another location from which I will continue to post".

It is not yet known whether the poster's claims are genuine.

Nude Jennifer Lawrence photos raise iCloud security fears

1 September

A hacker has published naked photos and videos apparently showing more than 100 celebrities, including actress Jennifer Lawrence, reality TV star Kim Kardashian and singer Rihanna, in a major breach of online privacy.

The leak of the nude images has generated significant concern over the safety of internet services, with many analysts suggesting that the security used by many major sites and applications is insufficient and vulnerable to attack.

The image-based bulletin board 4chan yesterday published naked photos appearing to show Glee star Lea Michele, singer Hillary Duff, Spiderman actress Kirsten Dunst, and models Jenny McCarthy and Kate Upton.

While some of those exposed have claimed that the pictures are fake, Jennifer Lawrence's representatives released a statement to entertainment news website TMZ which apparently confirmed that they are genuine.

"This is a flagrant violation of privacy," it said. "The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence."

A number of celebrities used Twitter to confirm that the photos were real. Mary Winstead said she can only imagine the "creepy effort" that went into acquiring the pictures.

Initial reports suggest that the hacker or hackers responsible may have acquired the files by accessing the iCloud accounts of the celebrities, but this has yet to be confirmed. The Guardian contacted Apple for comment, but the company has not yet responded.

So how secure is iCloud? According to the official Apple website, iCloud uses secure tokens to authenticate an account by sending usernames and passwords over an encrypted web connection. According to Mashable's Christina Warren this means that "as long as your password is unique and secure, it should be very difficult for someone to intercept your data as it is sent from your phone or computer to Apple's servers".

For many users, online security becomes an issue when they reuse the same password in multiple locations. "This is problematic," Warren says "because if a site that you use frequently is hacked and you use that email/password combination for other accounts, all of those accounts are at risk, too". A number of major online companies including eBay and Adobe have been hacked recently making many users' passwords vulnerable.

Another way hackers might access private information is by exploiting the "forgot password" option in iCloud. Depending on how an iCloud account has been set up, this could be done by answering some verification questions. If the answers to the questions are easy or, in the case of celebrities, publically available, then a hacker could quite easily gain access to users' private data.

Apple news website 9to5mac.com reports that because videos don’t work with the My Photo Stream component of iCloud, it is unlikely that the service was solely to blame for the leaks. "This leads most to believe that the hacker got these files from multiple sources," the site says.

News.com.au offers some advice on keeping passwords secure including creating strong passwords that don't involve common keyboard combinations such as "123456" or "qwerty", making sure the password you use for each site is unique and using two-factor authentication, in which a verification code sent to a user's mobile phone must be entered as well as a password.