It's believed that social engineering led to breach of iCloud account of the victims
An anonymous hacker used 4Chan’s /b/ board to post a set of explicit images of female celebrities over the weekend, claiming that the content was obtained by breaching their Apple iCloud accounts.The perpetrator allegedly has raunchy files featuring about 100 celebrities, including both video and images. They posted screen grabs showing folders with movies and pics of the famous people, along with a complete list of the victims, which has more than 100 names.
At the moment, only a small part of the image collection has been leaked, most of the pics showing actress Jennifer Lawrence in different nude stances. Her publicist already confirmed that the content obtained and published illegally was real.
Another famous name affected by the leak is Mary Elizabeth Winstead, who also confirmed that the pics were real. “To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves,” she commented on Twitter.
“Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked,” she added in another tweet.
Some images of Ariana Grande have also been posted on the board, although her representative said that they were fake.
Other female stars whose private photos were published include Kate Upton, Victoria Justice (also denied authenticity of the files), Kirsten Dunst, Hope Solo, Krysten Ritter, Yvonne Strahovski, and Teresa Palmer.
Furthermore, the list published by the hacker includes names such as Rihanna, Selena Gomez, Mary Kate Olsen, Kaley Cuoco, Kate Bosworth, Kim Kardashian, Megan Boone, Vanessa Hudgens and Scarlett Johansson.
As inciting the pics may be, the interesting part is how the hacker managed to grab the content. There are several ways to carry out the deed, with social engineering clearly standing out.
A security bug in iCloud is not to be excluded either, but hackers would reap far better benefits exploiting it in other ways than anonymous leaking of the content on public boards.
Discovering the weak passwords protecting the accounts would make much more sense in this case, which goes to show the importance of good protective measures for online repositories storing sensitive information.
Since these are high-profile victims, strong investigative efforts are very likely to be seen for the discovery of the perp(s), especially with the perspective of other celebs being exposed in intimate stances.
At the moment, the 4Chan operators are trying their best to avoid legal backlash and have already blocked access to some of the threads.
To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.— Mary E. Winstead (@M_E_Winstead) August 31, 2014