Nude photos of Hollywood actors posted online by alleged hacker

Stars including Jennifer Lawrence and Kate Upton reportedly had photos posted on site

A spokesman for actor Jennifer Lawrence said they would seek to prosecute anyone who posts the stolen photos  of her. Photograph: Reuters

A spokesman for actor Jennifer Lawrence said they would seek to prosecute anyone who posts the stolen photos of her. Photograph: Reuters

Mon, Sep 1, 2014, 16:02

The apparent online hack that led to the posting of hundreds of explicit photos of some of Hollywood’s most famous female stars could have been as a result of an attack on their passwords.

Stars including actress Jennifer Lawrence and model Kate Upton saw intimate photos posted on forum site 4chan yesterday evening, with some reports initially suggesting Apple’s iCloud service had been compromised to access the images.

A spokesman for Lawrence said: “This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”

American actor and singer Victoria Judge, who was also named in the file, denied any nude photos of her were real in a tweet today.

A piece of computer code that repeatedly guesses passwords has been found online. The script was posted to software site GitHub, but a message has since appeared saying that Apple has issued a “patch” or fix for the bug.

“The end of the fun, Apple has just patched,” read an update on the post.

The technology giant is yet to make any comment on the incident.

According to the post, the script uses the top 500 most common passwords approved by Apple in order to try and gain access to user accounts. If successful, in theory it would give the hacker access to an iCloud account, and therefore photos.

Owen Williams from technology site The Next Web, who discovered the bug, said: “The Python script found on GitHub appears to have allowed a malicious user to repeatedly guess passwords on Apple’s ‘Find my iPhone’ service without alerting the user or locking out the attacker.

“Given enough patience and the apparent hole being open long enough, the attacker could use password dictionaries to guess common passwords rapidly. Many users use simple passwords that are the same across services so it’s entirely possible to guess passwords using a tool like this.

“If the attacker was successful and gets a match by guessing passwords against Find my iPhone, they would be able to, in theory, use this to log into iCloud and sync the iCloud Photo Stream with another Mac or iPhone in a few minutes, again, without the attacked user’s knowledge.

We can’t be sure that this is related to the leaked photos, but the timing suggests a possible correlation.”

Experts have pointed to the weakness of many internet users’ passwords, and basic security knowledge as being the cause for the widespread leak. iCloud is Apple’s own cloud service, a wireless storage facility that can be used to access files remotely.