Apple investigates celebrity photo hacking scandal

Following the recent photo hacking scandal that leaked hundreds of nude celebrity photos online, Apple is now investigating the possibility that the images were obtained through its iCloud service. In a statement to Re/code, Apple said that it is now “actively investigating” its iCloud accounts.

“We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris tells Re/code.

Security researchers are speculating that the hacker obtained the scandalous photos from iCloud accounts of the celebrities. For instance, the Kate Upton photos appeared to be taken from her boyfriend’s iPhone. An EXIF examination of the photo even revealed the Google Maps location of where the photo was taken.

It didn’t help when a Python script was posted on GitHub a couple of days ago. This script, called iBrute, can reportedly send brute-force attacks to iCloud accounts, eventually allowing the hacker to get the right password.

One privacy researcher, Christopher Soghoian, commented that if the accounts were indeed brute forced, Apple could have prevented it by rate-limiting the number of log-ins. Another researcher, FireEye’s Darien Kindlund, said that it could be thwarted by enabling the two-factor authentication on the iCloud accounts. 

Source: Re/code