Apple 'actively investigating' celebrity photo leaks for possible iCloud connection
Apple on Monday confirmed in a short statement that it is in the process of determining whether or not security breaches in its online services were responsible for the outing of hundreds of racy photos of celebrities, including actress Jennifer Lawrence and model Kate Upton, over the weekend.
"We take user privacy very seriously and are actively investigating this report," Apple representative Natalie Kerris told Re/code. The company has not made any further public comment.
Rumors of an iCloud security breach began circulating as soon as the first photos hit the web on Sunday, though there remains scant evidence to support the claims. The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they are privy to the technical details of the leaks.
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
Adding confusion to the mix was the Monday disclosure of a flaw in Apple's "Find my iPhone" service that could allow attackers to use brute force tactics against weak iCloud passwords when the login email address was known. Apple quickly patched that hole, and it is unclear what role, if any, it may have played in the leak.
Numerous previous leaks that had been initially attributed to "hacks" were later found to actually be the result of a combination of social engineering techniques and poor password management on the part of the victims, and those issues remain the most likely explanations for Sunday's release.
"We take user privacy very seriously and are actively investigating this report," Apple representative Natalie Kerris told Re/code. The company has not made any further public comment.
Rumors of an iCloud security breach began circulating as soon as the first photos hit the web on Sunday, though there remains scant evidence to support the claims. The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they are privy to the technical details of the leaks.
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
Adding confusion to the mix was the Monday disclosure of a flaw in Apple's "Find my iPhone" service that could allow attackers to use brute force tactics against weak iCloud passwords when the login email address was known. Apple quickly patched that hole, and it is unclear what role, if any, it may have played in the leak.
Numerous previous leaks that had been initially attributed to "hacks" were later found to actually be the result of a combination of social engineering techniques and poor password management on the part of the victims, and those issues remain the most likely explanations for Sunday's release.
Comments
#2 rule - never let anyone take your picture naked.
follow these two simple rules.
2) Bit late to the party on this story AI, already discussed in depth over here:
http://forums.appleinsider.com/t/182037/apples-secret-iphone-6-digital-payment-system-said-to-also-include-visa-mastercard
FYI, that was yesterday
3) I didn't see any proof of a 5.5 incher in those pics¡
[....]The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they are privy to the technical details of the leaks.
[....]
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
[....]
Adding confusion to the mix was the Monday disclosure of a flaw in Apple's "Find my iPhone" service that could allow attackers to use brute force tactics against weak iCloud passwords when the login email address was known. Apple quickly patched that hole, and it is unclear what role, if any, it may have played in the leak.
[....]
lots of people 'get' photos via email or MMS... although it's an exercise for the user to put them into your photo stream, it's a pretty minor effort to mine your apple email if I got your password by hook or by crook. Or just hook up a phone to each of these accounts with the apple ID password, and latch onto the streams of information (notes, photo streams, etc).
NB:
I love the irony of people who get photographed at various levels of undress, and then take/get/store pictures of themselves in various levels of undress, and then claim foul when they feel their 'privacy' was impinged. (I know, the choice of what is published and what is personal is the very definition of privacy). 'Exposure' is their only fungible asset.
Now Justin Verlander... what did Mickey Say "Lay off the Women... Women Weaken Legs!" He got more than his fair share of exposure.
3) I didn't see any proof of a 5.5 incher in those pics¡
No, but there were a couple of definite 'large diagonals' exposed.;-)
...that said, sometimes I wonder about some of the photos that get leaked, i.e., I can see wannabe D-listers, somewhat there starlets who can't get press, and those finding themselves losing relevance, "Wow, look what leaks did for Paris Hilton and [insert relevant 15 minutes of fame and looking for more name here]...."
....and then kinda, sorta, maybe leaving some stuff where it practically begs to be picked up and published, and then getting in front of the media cameras all indignant (but lookin' good!) and upping their Q factor...
http://forums.appleinsider.com/t/182037/apples-secret-iphone-6-digital-payment-system-said-to-also-include-visa-mastercard
FYI, that was yesterday[/QUOTE]
Yesterday was really just the celebrity stuff. Today is an actual article about Apple actively investigating the leak of photos that appear to have come from iCloud. The other tech sites are also only now reporting on Apple investigating how these accounts were breached.
Leaving anything you don't want seen in an online computer or repository with anything less than best practices (frequently changed LastPass passwords, two factor authentication, 256 AES encryption, e.g.) is an invitation to the "hackarazzis"...
...that said, sometimes I wonder about some of the photos that get leaked, i.e., I can see wannabe D-listers, somewhat there starlets who can't get press, and those finding themselves losing relevance, "Wow, look what leaks did for Paris Hilton and [insert relevant 15 minutes of fame and looking for more name here]...."
....and then kinda, sorta, maybe leaving some stuff where it practically begs to be picked up and published, and then getting in front of the media cameras all indignant (but lookin' good!) and upping their Q factor...
agreed. on all points.
I did bring up adding the TouchID /secure enclave to all Macs (I wonder if it's possible without the ARM chip), thus making apple's iCloud access fully 2 factor from all Apple-Sold vantage points (would require an iPod Touch with touchID, and maybe a TouchID on your AppleTV remote... but I digress....).
The fact that Apple's site would allow for infinite tries made me feel this was a targeted attack on individuals, probably seeding passwords captures through other means, and then doing brute force if no hits.
Hmm. I assume the person in charge of the 'active investigation' has to take a proper inventory of all the compromising data on iCloud, so as to have an accurate sense of what proportion was hacked/compromised, no?
Nice job....
3) I didn't see any proof of a 5.5 incher in those pics¡
That's because only naked women were hacked
1) I know LastPass is free but I don't care for their UI and that it's all saved on their servers.
2) I'm not sure if LastPass has this security feature but when I click on my 1Password browser extension to add a username and password 1Password will first warn me that the site is not using SSL. In all cases this is one of those wonky webpage setups that you can click Submit on the empty field to have the page reloads with SSL page telling you your submitted username and password were incorrect and to type them in again. Or just change the HTTP to HTTPS, but I find the other way faster. Anyway… does LastPass have that?
#2 rule - never let anyone take your picture naked.
You’d be surprised at the number of people who claim this isn’t a valid argument and that people should be allowed to do whatever they want.
It staggers me that ALL of the major news sites are reporting this as an iCloud hack in their headlines before briefly mentioning deep within the articles that this information has not been verified.
What the f*ck has happened to reporting these days?
Why does it matter so much about the size of the photo? I have no issues with them.
So is Apple confirming that iCloud was breached or is that what they're investigating? Because the media has run with this story (being a slow news weekend with Labor Day holiday and all) and are basically calling it an iCloud hack.
On the one side Antennagate.
I hope apple does it right, and shows who[was it 200 celebs or 200,000,000 people] was hacked and how, what they did (if anything) to prevent it.
Apple's response to Antennagate was slow, measured, and basically, a problem in the industry, not with our phone.
But if anything,everyone should be changing their AppleID passwords, just a a matter of good hygiene
They do have a point.
And let's face it, anarchy has generally worked out well for anybody who's ever tried it in the past.
/s
NB:
I love the irony of people who get photographed at various levels of undress, and then take/get/store pictures of themselves in various levels of undress, and then claim foul when they feel their 'privacy' was impinged. (I know, the choice of what is published and what is personal is the very definition of privacy). 'Exposure' is their only fungible asset.
Now Justin Verlander... what did Mickey Say "Lay off the Women... Women Weaken Legs!" He got more than his fair share of exposure.
Rant is a little hard to follow; but are you saying that if they had been clothed, then the situation would not be "impinged privacy", and they would then have no "claim" of foul?
(or in other words; what does their level of undress have to do with anything?)
On the one side Antennagate.
I hope apple does it right, and shows who[was it 200 celebs or 200,000,000 people] was hacked and how, what they did (if anything) to prevent it.
Apple's response to Antennagate was slow, measured, and basically, a problem in the industry, not with our phone.
But if anything,everyone should be changing their AppleID passwords, just a a matter of good hygiene
If this wasn't an iCloud hack there's nothing for Apple to show. Unfortunately everyone seems to be rushing to blame it on an iCloud hack when no one knows for sure if that's what happened. I find it highly suspicious this comes out a week before Apple's big event.
Ha! Hardly suspicious. More likely; "expected". (never fails
)
Still a week to go. Won't be the least bit surprised if somebody tries yet another smear before then.
On the one side Antennagate.
I hope apple does it right, and shows who[was it 200 celebs or 200,000,000 people] was hacked and how, what they did (if anything) to prevent it.
Apple's response to Antennagate was slow, measured, and basically, a problem in the industry, not with our phone.
But if anything,everyone should be changing their AppleID passwords, just a a matter of good hygiene
This is different. Apple is typically quick about fixing security holes(well, as fast as they can fix these things). They've already patched the hole that allowed unlimited number of password tries. No, i'm not changing my password. They had to know my email address first. Even then, my password is strong enough that even a brute force won't break it(unless they try every combination of characters which will take years). Typical brute force method uses a list of known weak passwords. In some cases, they may try dictionary attack, but that's rarely done online due to the number of tries needed. Dictionary attack is normally done locally where it's much quicker.
These celebs had easy passwords or they were retrieved via social engineering, phishing or some other method.
If you have good password, i wouldn't worry about it.....unless it turns out that there was some systemwide hack on iCloud(which is extremely unlikely).