You're assuming this was all done at the same time. Most likely, these were pictures that were collected over years by many different hackers. I'm betting that some of the accounts took LONG time to finally gain access.
Seems more likely that this is the case. A mix of social engineering and hacking undertaken by many people.
I am not surprised this has happened. Numerous phishing emails have gone out in the last few weeks that looked like Apple asking for people to verify their user name and passwords to iCloud. People stupid enough to answering these phishing attempts is not Apple's problem.
Anonynous has confirmed the existence of an "underground celeb n00d-trading ring." The event includes a number of people who essentially simultaneously released the celebrity photos according to Anonymous.
Unfortunately, you can't trust Anonymous to turn them in to the authorities since they themselves are linked to criminals, as many of them are.
More than likely this was the work of many hackers over a length of time using various different methods to obtain the photos. Seeing as the pictures clearly come from different devices. One folder was noted to having drop box documents in it.
Blaming this on iCloud I think is either a purposeful burn of Apple right before a major product launch or a way to deflect from how the pictures were actually gathered. Either way the news media is doing a good job of perpetrating that narrative.
Apple is in a difficult position on this one. They want positive PR for iOS8 and its new cloud functionality.
Because this is clearly not all the fault of iCloud and may not be directly any fault of iCloud. Apple needs to defend iCloud's security methods without making its users (in this case Hollywood actresses) look inept or stupid.
When you set up iCloud on a new computer (say Windows) you have to first install it. Then it creates an iCloud Pictures folder on your machine where you can view pictures from your iCloud account.
There is NO WAY to view photos in an iCloud account from a browser. You have to set it up on a PC first. It's been a long time since I've done this, but you're supposed to get a message on your other devices informing you a new computer has been added.
If anyone has a PC that they've NEVER previously set up for iCloud, perhaps they can try it and see if they get the message.
I find it odd that someone can claim to have downloaded pictures from someone's iCloud account WITHOUT having first set up a new computer to receive them, and doing so without the knowledge of the owner of the account (who should have received a message).
This reaks of a public smear a week before the latest iPhone release.
It staggers me that ALL of the major news sites are reporting this as an iCloud hack in their headlines before briefly mentioning deep within the articles that this information has not been verified.
What the f*ck has happened to reporting these days?
What is hilarious to ME is that people like you only seem to get outraged when you notice this type of reporting going on about something you're personally passionate about.
The rest of time you take headlines for truth, despite the fact that half of them are exaggerations, the other half, lies.
Gruber points to a potential flaw with Find My Friends that doesn't prevent brute force attacks. If that is the case then Apple is definitely to blame.
What is interesting -- and impressive -- to me is how none of these have shown up in public websites. I also read a couple of news stories that some of the sites that had it up are taking it down voluntarily.
Nice to see that fear can sometimes induce decency.
There was an iCloud vulnerability, and an exploit called iBrute was released the day before the breach (yesterday). Apple has since patched it (early this morning). It was a kind of brute password attack. It looks like they went after celebrities. It wasn't a mass password grab of random accounts. It was a targeted attack.
(for some reason Huddler script didn't copy your quote here)
So about your question: "how did they get photos from iCloud?" The answer is, apparently, if you backup your phone to iCloud, the photos, videos can be retrieved from the backup file.
Gruber points to a potential flaw with Find My Friends that doesn't prevent brute force attacks. If that is the case then Apple is definitely to blame.
The iBrute hack was relatively new and how would someone find all of those email addresses and find all of the passwords in such a short amount of time. Not to mention some of the victims are Android users.
Its possible iBrute was used to access some of these photos, but I cannot see it possible to have gotten all of them.
Comments
Apparently most, but not all, of the metadata in the photos indicated iPhone pictures. Which doesn't rule out dropbox of course.
or e-mail/messages sent to/from iPhone users containing pictures... It's likely easier to get photos from an email than your photo stream.
What on earth is wrong with naked?
You're assuming this was all done at the same time. Most likely, these were pictures that were collected over years by many different hackers. I'm betting that some of the accounts took LONG time to finally gain access.
Seems more likely that this is the case. A mix of social engineering and hacking undertaken by many people.
I was referencing that UK newspaper which Murdoch used to own. The one that hacked celebrity voice mails for profit.
Murdoch's threatening to sue rivals in Australia for publishing leaked News Corp financial data...
...quite ironic really.
Now tell me about these VIDEOS that supposedly came from iCloud.
I don't know anything about that. What do I look like, a 4chan cellar dweller?
More than likely this was the work of many hackers over a length of time using various different methods to obtain the photos. Seeing as the pictures clearly come from different devices. One folder was noted to having drop box documents in it.
Blaming this on iCloud I think is either a purposeful burn of Apple right before a major product launch or a way to deflect from how the pictures were actually gathered. Either way the news media is doing a good job of perpetrating that narrative.
Apple is in a difficult position on this one. They want positive PR for iOS8 and its new cloud functionality.
Because this is clearly not all the fault of iCloud and may not be directly any fault of iCloud. Apple needs to defend iCloud's security methods without making its users (in this case Hollywood actresses) look inept or stupid.
I don't know anything about that. What do I look like, a 4chan cellar dweller?
That was more of a general add on to the discussion.
Videos and non iPhone photo's in this collection tend to indicate they didn't come from iCloud.
Yes, however, I believe we can trust their opinion regarding the source of the breach.
This reaks of a public smear a week before the latest iPhone release.
It staggers me that ALL of the major news sites are reporting this as an iCloud hack in their headlines before briefly mentioning deep within the articles that this information has not been verified.
What the f*ck has happened to reporting these days?
What is hilarious to ME is that people like you only seem to get outraged when you notice this type of reporting going on about something you're personally passionate about.
The rest of time you take headlines for truth, despite the fact that half of them are exaggerations, the other half, lies.
What on earth is wrong with naked?
I've been asking that question for years...
The rest of time you take headlines for truth, despite the fact that half of them are exaggerations, the other half, lies.
Do you have examples?
What is interesting -- and impressive -- to me is how none of these have shown up in public websites. I also read a couple of news stories that some of the sites that had it up are taking it down voluntarily.
Nice to see that fear can sometimes induce decency.
http://arstechnica.com/security/2014/09/what-jennifer-lawrence-can-teach-you-about-cloud-security/
There was an iCloud vulnerability, and an exploit called iBrute was released the day before the breach (yesterday). Apple has since patched it (early this morning). It was a kind of brute password attack. It looks like they went after celebrities. It wasn't a mass password grab of random accounts. It was a targeted attack.
So about your question: "how did they get photos from iCloud?" The answer is, apparently, if you backup your phone to iCloud, the photos, videos can be retrieved from the backup file.
Gruber points to a potential flaw with Find My Friends that doesn't prevent brute force attacks. If that is the case then Apple is definitely to blame.
The iBrute hack was relatively new and how would someone find all of those email addresses and find all of the passwords in such a short amount of time. Not to mention some of the victims are Android users.
Its possible iBrute was used to access some of these photos, but I cannot see it possible to have gotten all of them.
Here is a story about a guy who was offered to pay to see the pics weeks ago.
http://deadspin.com/this-guy-was-sharing-the-hacked-celeb-nudes-weeks-befor-1629384848