Celebrity News

Was iCloud ‘flaw’ behind massive theft of XXX celebrity snaps?

By
Social Links for Natalie O'Neill
Published Sep. 1, 2014, 12:26 p.m. ET
Jennifer Lawrence and Kate Upton were both exposed after a hacker leaked naked images of them on the internet.
Jennifer Lawrence and Kate Upton were both exposed after a hacker leaked naked images of them on the internet. AP, Getty Images

The hacker who apparently leaked dozens of photos of nude celebrities — including Jennifer Lawrence, Kate Upton and Kim Kardashian — may have used a flaw in iCloud’s popular Find My iPhone function to score the steamy images.

To access the personal data, the hacker apparently sent e-mails to stars, tricking them into handing over e-mail passwords, tech experts said.

The passwords can be used to reset the iPhone’s less-than-secure Find my iPhone function — and gain access to photos on the smartphone, tech experts said.

“A malicious user [may have] repeatedly guessed passwords on Apple’s Find my iPhone service without alerting the user or locking out the attacker,” according to Owen Williams of the tech news site The Next Web.

“Many users use simple passwords that are the same across services so it’s entirely possible to guess passwords using a tool like this,” Williams added.

“We can’t be sure … but the timing suggests a possible correlation,” he said.

On Sunday, a huge stash of A-list celebrities’ intimate photos were posted on the website 4chan by a hacker who apparently broke into Apple’s iCloud storage system.

Actress Mary Elizabeth Winstead was also a victim of the security breach.Jason Merritt/WireImage
Roughly 320 million people worldwide use iCloud.

Internet sleuths, including Reddit.com users and security researchers, were quick to finger a Georgia man as the hacker, Buzzfeed reported. The user posted a screenshot of his computer to show off the leaked picture folder, exposing him as one of the original 4chan leakers, the internet sleuths claimed.

But the man denied the claims.

“I am not behind this … I am not a hacker. I have no idea how the hell someone could hack into all those accounts,” he told BuzzFeed.

Password clues reported in the media also may have helped the culprit pull off the stunning privacy violation, the Daily Mail reported.

A Time magazine article published in June, for example, noted Jennifer Lawrence’s e-mail contains “potty” language.

“Jennifer Lawrence has switched to a new email address that involves some potty language. Her email address apparently has the word ‘butt’ in it,” the magazine reported.

Other celebrities targeted include Kristen Dunst and Mary Elizabeth Winstead.

The “Find My iPhone” application is used to track down the gadget, if it’s lost or stolen.

Apple has not yet confirmed or denied any role in the breach.