Can we talk about the apparent iCloud break-in?

Status
Not open for further replies.

Mr.Mike

Member
So

http://www.businessinsider.com/4chan-nude-photo-leak-2014-8

It seems that somebody has managed to break into iCloud and is now leaking private photos of various celebrities onto 4chan. The leaker is currently taking bitcoin payments in exchange for releasing more photos. I'm not gonna link any of the photos here and it would probably be best if we all avoided doing so...

This leak has left me with some questions. Who would be capable and have the motive to do this? Are everyone's photographs in iCloud now compromised? (Certainly it seems like this person has access to a lot more than just specific accounts).

I'd imagine that the most likely story is just that somebody wanted to make some money off of this, but that leaves in place the question of who would be capable of pulling this off. Maybe a disgruntled ex-employee of Apple?

Please lock if old and/or inappropriate.
 
The vastly more likely option is that these people have weak passwords, weak forgot my password security questions (probably many with publicly available information) and no 2FA, and just like every other celebrity nude photo leak ever, a teenage-20something male random with enough research and some social engineering managed to get in.

Most of what you're suggesting in the OP is pretty conspiratorial, tbh.
 
The list is long, very long:

http://mashable.com/2014/08/31/celebrity-nude-photo-hack/

Aly and AJ Michalka, Aubrey Plaza, Abby Elliott, Avril Lavigne, Amber Heard, Brie Larson, Candice Swanepoel, Cara Delevingne, Emily Ratajkowski, Farrah Abraham, Gabrielle Union, Hayden Panettiere, Hope Solo, Hilary Duff, Jenny McCarthy, Kaley Cuoco, Kate Upton, Kate Bosworth, Keke Palmer, Kim Kardashian, Kirsten Dunst, Krysten Ritter, Lea Michele, Lizzy Caplan, Mary Kate Olsen, Mary Elizabeth Winstead, Rihanna, Scarlett Johansson, Selena Gomez, Vanessa Hudgens, Winona Ryder, Alison Brie and Dave Franco.

If the breach is Apple's fault, these celebrities should sue them.

Edit: The way the accounts might have been breached

It's a weakness in the "Find my iPhone" API which does not have protection against brute force:

http://thenextweb.com/apple/2014/09...aw-that-led-to-celebrity-photos-being-leaked/

On Monday, a Python script emerged on Github (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find my iPhone service.



We discussed the tool with its creator, Hackapp, over Twitter, who said “this bug is common for all services which have many authentication interfaces” and that with “basic knowledge of sniffing and reversing techniques” it is “trivial” to uncover them. When asked if the method could have been used in the celebrity hack today, Hackapp said “I’ve not seen any evidence yet, but I admit that someone could use this tool.”
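Added example, not part of the thread or of the article quoted in it: the quoted point that the bug "is common for all services which have many authentication interfaces" comes down to each interface counting failed logins on its own, or not at all. The sketch below keeps one per-account counter that every interface has to go through; `AccountThrottle`, `authenticate`, the interface names and the sample account are hypothetical and do not describe Apple's implementation.

```python
import time
from collections import deque

class AccountThrottle:
    """Failed-login counter per account, shared by every auth interface."""

    def __init__(self, max_failures=5, window=900.0, clock=time.monotonic):
        self.max_failures, self.window, self.clock = max_failures, window, clock
        self._failures = {}  # account -> deque of (timestamp, interface)

    def _recent(self, account):
        q = self._failures.setdefault(account.lower(), deque())
        cutoff = self.clock() - self.window
        while q and q[0][0] <= cutoff:  # drop failures older than the window
            q.popleft()
        return q

    def locked(self, account):
        return len(self._recent(account)) >= self.max_failures

    def record_failure(self, account, interface):
        self._recent(account).append((self.clock(), interface))

    def interfaces_seen(self, account):
        return {iface for _, iface in self._recent(account)}

    def reset(self, account):
        self._failures.pop(account.lower(), None)


def authenticate(throttle, interface, account, password, check_password):
    """Single choke point: web login, device API, etc. all call this."""
    if throttle.locked(account):
        return "locked"  # refuse before the password is even checked
    if check_password(account, password):
        throttle.reset(account)
        return "ok"
    throttle.record_failure(account, interface)
    return "denied"


def demo():
    # Constructed sample: wrong guesses for one account, alternating interfaces.
    now = [0.0]  # fake clock so the run is deterministic
    throttle = AccountThrottle(max_failures=3, window=60.0, clock=lambda: now[0])
    check = lambda account, password: password == "constructed-secret"
    interfaces = ["web", "device-api", "web", "device-api", "device-api"]
    return [authenticate(throttle, iface, "user@example.com", f"guess{i}", check)
            for i, iface in enumerate(interfaces)]

if __name__ == "__main__":
    print(demo())
```

Because the counter is keyed by account rather than by endpoint, switching interfaces does not buy extra guesses; the lockout expires once the failures age out of the window.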
 
The vastly more likely option is that these people have weak passwords, weak forgot my password security questions and no 2FA, and just like every other celebrity nude photo leak ever, a teenage-20something male random with enough research and some social engineering managed to get in.

Most of what you're suggesting in the OP is pretty conspiratorial, tbh.

The leaker has a long list of celebrities that he claims to have photos of. Accessing each account individually would be a pretty obsessive amount of work. But maybe I underestimate teenage-20somethings.
 
The leaker has a long list of celebrities that he claims to have photos of. Accessing each account individually would be a pretty obsessive amount of work. But maybe I underestimate teenage-20somethings.

http://www.huffingtonpost.com/2012/12/17/hollywood-hacker-christopher-chaney_n_2315137.html

Prosecutors said Chaney illegally accessed the email accounts of more than 50 people in the entertainment industry between November 2010 and October 2011. Aguilera, Mila Kunis and Johansson agreed to have their identities made public with the hope the move would provide awareness about online intrusion.
 
What about a scenario like the celebs connecting to a Wifi Network that the hacker was also on and was able to get the information needed from the traffic, or had already put something in place to get the data being passed through it?
 
Regardless of their level of security, it's going to be a shitstorm for Apple. I wonder how 4chan will fare because it's cited as the source everywhere

some things just aren't meant to be in the cloud yo
 
The list is long, very long:

http://mashable.com/2014/08/31/celebrity-nude-photo-hack/



If the breach is Apple's fault, these celebrities should sue them.


Did Apple ever claim that it was all safe to fill with your titties? I don't remember Apple or iCloud claiming any kind of amazing security. Don't get me wrong, I am not a fan of Apple, but it should be general knowledge that cloud storage is not that safe at all that I am aware of.
 
TMZ reps tried to negotiate with the leaker and he decided to just post them instead. He posted his bitcoin for donations but was apparently banned by 4chan/reddit before he was able to post more.

Regardless of their level of security, it's going to be a shitstorm for Apple. I wonder how 4chan will fare because it's cited as the source everywhere
Funny because a few of the pictures first popped up on reddit.
 
Mary Elizabeth Winstead said her photos had been deleted, does iCloud retain photos but hide them from the user after deletion? If that is the case, then presumably someone did hack it, not just guess her password.
 
Did Apple ever claim that it was all safe to fill with your titties? I don't remember Apple or iCloud claiming any kind of amazing security. Don't get me wrong, I am not a fan of Apple, but it should be general knowledge that cloud storage is not that safe at all that I am aware of.

If social engineering was how they managed to access the files, no I don't think Apple is at fault. But if it's something at their end, some security hole, then yes they are responsible.

Also, more people, especially celebrities, should use 2-step verification.
 
Mary Elizabeth Winstead said her photos had been deleted, does iCloud retain photos but hide them from the user after deletion? If that is the case, then presumably someone did hack it, not just guess her password.

I wonder when they were deleted because something like this takes a ton of time so getting access to her account could've happened a long time ago, rather than finding deleted pictures.
 
As a straight male, I really enjoy the pics. As a human being, I feel absolutely horrible for all the celebs involved.

Agreed but I think it actually helps them that there were so many involved. Spreads out the attention given, you know what I mean? If it was just one or two celebs all the attention would be consolidated onto them alone.
 
Mary Elizabeth Winstead said her photos had been deleted, does iCloud retain photos but hide them from the user after deletion? If that is the case, then presumably someone did hack it, not just guess her password.

This is the one that got my attention. Unless she doesn't know how delete works, this is a huge exploit.
 
This seriously worries me. Not that I have any nudes on the cloud (hell, any nudes in general), but the fact that someone was able to obtain this information so easily is troubling.

Apple's in deep shit, regardless of whether or not the hacker just guessed their passwords or not.
 
If social engineering was how they managed to access the files, no I don't think Apple is at fault. But if it's something at their end, some security hole, then yes they are responsible.

Also, more people, especially celebrities, should use 2-step verification.

I guess I am in the dark as to how Apple is responsible. Where is it stated that your pics are safe from anyone else? Especially if you have a dopey password. The 2 factor thing is good but unless they require it or odd passwords 20 characters long with weird signs in them, they can't be responsible for the pics getting leaked, right?

Also is there a way to prove they were leaked from Apple and not intercepted from their computers remotely? This is such a clusterfuck I can't imagine Apple being able to be sued by this. With all the cash they have I am sure the contract that is digitally signed to get things into the iCloud is so tight they have no room to stand for a lawsuit.
 
Yeah this is pretty nuts. It's a huuuuge leak that a zillion people got hit with. Somebody is gonna follow up with this.
 
I don't know how there could be any expectation of 100% security.

There's never 100% security on anything that's online, ever. We really need courses to teach people this.

Why do so many celebrities have nudes saved in the cloud?

Not just celebrities. I'd be more than willing to bet a significant amount of young adults have nudes on their phones/cloud, we just don't ever see them because no one cares.
 
Doesn't it automatically back up your photos to the cloud?

I had to turn it on to get it going. Never did this and actually use Google plus for backups. They should use this to their advantage right now and get in on the titties being posted to their site.

No one is on plus that I know so I could have dick pics up there all day and it wouldn't matter.
 
I guess I am in the dark as to how Apple is responsible. Where is it stated that your pics are safe from anyone else? Especially if you have a dopey password. The 2 factor thing is good but unless they require it or odd passwords 20 characters long with weird signs in them, they can't be responsible for the pics getting leaked, right?

Also is there a way to prove they were leaked from Apple and not intercepted from their computers remotely? This is such a clusterfuck I can't imagine Apple being able to be sued by this. With all the cash they have I am sure the contract that is digitally signed to get things into the iCloud is so tight they have no room to stand for a lawsuit.


http://support.apple.com/kb/HT4865

Data Security

iCloud secures your data by encrypting it when it is sent over the Internet, storing it in an encrypted format when kept on server (review the table below for detail), and using secure tokens for authentication. This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud. iCloud uses a minimum of 128-bit AES encryption—the same level of security employed by major financial institutions—and never provides encryption keys to any third parties.

Again, if the breach is at their end they are responsible. If there is some security hole, something was not patched, etc., it's Apple's fault.
 
Anyone seen this

Random women are posting their boobs on twitter in solidarity with Jennifer Lawrence and the leaked celebs tonight with hashtag #LeakForJLaw
 