Nude photos of Hollywood actors posted online by alleged hacker
Stars including Jennifer Lawrence and Kate Upton reportedly had photos posted on site
A spokesman for actor Jennifer Lawrence said they would seek to prosecute anyone who posts the stolen photos of her. Photograph: Reuters
The apparent online hack that led to the posting of hundreds of explicit photos of some of Hollywood’s most famous female stars could have been as a result of an attack on their passwords.
Stars including actress Jennifer Lawrence and model Kate Upton saw intimate photos posted on forum site 4chan yesterday evening, with some reports initially suggesting Apple’s iCloud service had been compromised to access the images.
A spokesman for Lawrence said: “This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”
These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended*— Victoria Justice (@VictoriaJustice) August 31, 2014
Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.— Mary E. Winstead (@M_E_Winstead) August 31, 2014
At work we often have to make quick decisions. I made a really bad one today and then made it worse. I feel awful and am truly sorry.— Perez Hilton (@PerezHilton) August 31, 2014
American actor and singer Victoria Judge, who was also named in the file, denied any nude photos of her were real in a tweet today.
A piece of computer code that repeatedly guesses passwords has been found online. The script was posted to software site GitHub, but a message has since appeared saying that Apple has issued a “patch” or fix for the bug.
“The end of the fun, Apple has just patched,” read an update on the post.
The technology giant is yet to make any comment on the incident.
According to the post, the script uses the top 500 most common passwords approved by Apple in order to try and gain access to user accounts. If successful, in theory it would give the hacker access to an iCloud account, and therefore photos.
Owen Williams from technology site The Next Web, who discovered the bug, said: “The Python script found on GitHub appears to have allowed a malicious user to repeatedly guess passwords on Apple’s ‘Find my iPhone’ service without alerting the user or locking out the attacker.
“Given enough patience and the apparent hole being open long enough, the attacker could use password dictionaries to guess common passwords rapidly. Many users use simple passwords that are the same across services so it’s entirely possible to guess passwords using a tool like this.
“If the attacker was successful and gets a match by guessing passwords against Find my iPhone, they would be able to, in theory, use this to log into iCloud and sync the iCloud Photo Stream with another Mac or iPhone in a few minutes, again, without the attacked user’s knowledge.
We can’t be sure that this is related to the leaked photos, but the timing suggests a possible correlation.”
Experts have pointed to the weakness of many internet users’ passwords, and basic security knowledge as being the cause for the widespread leak. iCloud is Apple’s own cloud service, a wireless storage facility that can be used to access files remotely.