X

Apple 'actively investigating' iCloud link to celeb photo leak

Company's online storage service said to be source of a large cache of private nude celebrity images.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

htdcybersec620x350610x344.jpg

Apple said Monday it is "actively investigating" whether a security breach at its iCloud service was responsible for the leak of several private, nude images of celebrities, including actress Jennifer Lawrence.

"We take user privacy very seriously and are actively investigating this report," Apple spokeswoman Natalie Kerris told Recode. CNET has contacted Apple for comment and will update this report when we learn more.

A large cache of risque images - some said to be real, others fake -- first appeared Sunday on the image-based bulletin board 4chan. The images were said to have been taken from the iCloud accounts of celebrities such as Lawrence, model Kate Upton, and recording artist Ariana Grande, and have since spread across the Internet on social media.

A vulnerability in the online storage service's "Find My iPhone" feature could allow a brute force attack in which multiple, rapid-fire attempts are made to correctly guess an account's password, according to Github. The code-hosting site reported that Apple had repaired the vulnerability.

However, some of the photos appear to have come from different devices and may have been accumulated over a long period of time.

This isn't the first time Apple's online service has been linked to a hacking. In 2012, former Gizmodo reporter Mat Honan blamed an AppleCare technician for allowing his personal e-mail and Twitter accounts to be hacked. Honan said a hacker wiped his devices and gained access to his Gmail and Twitter accounts after an Apple technician fell victim to social engineering, a technique of manipulating people instead of computers to perform a task or divulge information.