Over the weekend, more than 100 A-list Hollywood stars had their private pictures leaked on the interwebs. And not just pictures per se – it was a combination of semi-nude, fully naked, and other revealing pictures of female celebrities. The celebrities who had their privacy blatantly invaded are such as “The Hunger Games” actress Jennifer Lawrence, Kirsten Dunst, Mary Elizabeth Winstead, pop star Ariana Grande, and more.
According to anonymous 4Chan users, the incriminating material was obtain from the celebrities’ iCloud accounts. The leak was teased earlier this week when an anonymous user suggested that they had access to a cache of celebrities’ personal photos. The user that claimed responsibility for the hack indicated that more pictures and videos of the celebrities were available, but requested both Bitcoin and monetary donations to a PayPal account before the stolen images and videos were posted:
What’s an iCloud account? Apple users would know that it’s a virtual storing service that allows iPhone, iPad, and Mac users to synchronise images, settings, calendar information, and other data between devices. Android users too have access to a similar service in which they can sync their data to their Gmail account. That, and there’s also Google Drive.
Other external virtual storage services that exist are such as Dropbox, Box, OneDrive, 4shared, and more.
The massive hack now raises questions about how it happened, what it means for other services, and what’s being done about this.
How Did It Happen?
Apple hasn’t confirmed that the pictures did in fact come from the celebrities’ iCloud accounts but some reports are speculating that it’s possible that it did. It seems that the hackers could’ve used a tool called iBrute, which can repeatedly try different combinations of passwords on Apple’s “Find My iPhone” service until one of them works. What has Apple’s “Find My iPhone” service got to do with access to an iCloud account? Well, only when “Find My iPhone” is breached, it’s possible to access iCloud passwords and view images and other data stored in a user’s iCloud account.
But it’s not like Apple hasn’t done anything about this possible flaw – the tech giant has previously allowed an unlimited number of password tries on “Find My iPhone” but it has since been limited to 5 attempts, making iBrute ineffective.
As such, other reports suggest that an Apple staff or more with the ability to access iCloud backups could be the one(s) behind it all. Again, Apple has long since countered that flaw with its support documents which state that iCloud backups are encrypted: “This means that your data is protected from unauthorised access both while it is being transmitted to your devices and when it is stored in the cloud.”
What Does It Mean For Other Services?
To be fair, a breach/invasion of privacy aka an invasion of another’s personal life is only possible there was incriminating material to expose. There’s a saying that once something goes on the interwebs (and in this case, not necessarily just websites or social media platforms alone), it will stay on the interwebs. As such, even other virtual storage services can’t guarantee that your data, be it something as simple as settings, calendar, or something more personal such as images, is 100% safe. Also because nothing is 100% perfect.
If you’re using other services, especially those that have smartphone applications that automatically connected your smartphone’s storage to the service, be very careful with what you choose to backup.
For example, when you install the Dropbox application in your smartphone, it provides an option to automatically upload photos taken on the device to Dropbox. Similarly, iCloud automatically backs up your device over Wi-Fi every day while it’s turned on, locked, and connected to a power source. Unless if you remember to disable that function and unlink yourself.
Keep that in mind!
What’s Being Done About This?
Meanwhile, Apple is “actively investigating” the alleged exploit to its iCloud service. An Apply spokesperson reportedly told Recode, “We take user privacy very seriuosly and are actively investigating this report.”
Also, the FBI too is paying close attention to the case, releasing the following statement that promises that it is “addressing the matter” : “The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. … Any further comment would be inappropriate at this time.”
Meanwhile, a word of advice: Never ever take semi-nude/nude pictures of yourself regardless of how “safe” you think your data can be. Even if you don’t accidentally upload pictures onto the interwebs, don’t forget that your smartphone can go missing or get stolen when you least expect it. Nothing escapes the digital stratosphere, ever.
Be wary of your own cyber safety.