Big breaches of security are never fun, but when you’re the provider of cloud storage that holds all kinds of personal data, things can get particularly hairy when someone finds a way through. That’s the situation Apple finds itself in today, or at least, that’s the claim.
If you’ve ventured anywhere near the internet over the last 12 hours then you’re no doubt already aware that various celebrities have fallen foul of what some are claiming is a hack aimed squarely at Apple’s iCloud. The result, it seems, is a collection of photos and apparently videos showing said celebrities in various states of undress managing to find their way into the public domain.
Coming courtesy of the notorious 4chan message boards, the media was apparently stolen from hacked iCloud accounts, although as yet there has been no proof of such a thing and Apple has not yet responded to requests for comment. At least one of the celebrities involved has confirmed that the photos stolen that depict her are in fact real, and that they were believed to be deleted a long time ago.
That begs the obvious question: when are photos really deleted, given the fact they’re automatically being uploaded to iCloud, Dropbox or whatever cloud storage provider you happen to frequent? With versioning and the like, are they ever actually deleted at all?
Regardless of the technical angle here, it’s worth remembering that lots of young ladies had their privacy invaded here, and no matter the wisdom of taking compromising photos in the first place, nobody deserves to have them stolen and displayed for all to see.
Those who are affected here include the likes of Jennifer Lawrence, Kate Upton, Avril Lavigne, and Mary Elizabeth Winstead,
At this point it’s worth making sure all your online storage passwords are strong ones and that you have two-step verification turned in wherever possible.
Stay safe, folks.
Update x1: Reports now suggest that a Python script released on GitHub about two days ago made use of a vulnerability in iCloud’s Find My iPhone service which resulted in this massive leak. The script allowed hackers to brute force passwords of a target’s iCloud account.
It seems like this vulnerability has now been patched by Apple, as has been noted by the owner of the tool at 3am PT today.
It is important to note that there is still no concrete evidence that the leak was caused by this iCloud vulnerability. Apple has so far refused to comment on this matter.