Apple 'actively investigating' celebrity photo leaks for possible iCloud connectionApple on Monday confirmed in a short statement that it is in the process of determining whether or not security breaches in its online services were responsible for the outing of hundreds of racy photos of celebrities, including actress Jennifer Lawrence and model Kate Upton, over the weekend.
"We take user privacy very seriously and are actively investigating this report," Apple representative Natalie Kerris told Re/code. The company has not made any further public comment.
Rumors of an iCloud security breach began circulating as soon as the first photos hit the web on Sunday, though there remains scant evidence to support the claims. The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they are privy to the technical details of the leaks.
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
Adding confusion to the mix was the Monday disclosure of a flaw in Apple's "Find my iPhone" service that could allow attackers to use brute force tactics against weak iCloud passwords when the login email address was known. Apple quickly patched that hole, and it is unclear what role, if any, it may have played in the leak.
Numerous previous leaks that had been initially attributed to "hacks" were later found to actually be the result of a combination of social engineering techniques and poor password management on the part of the victims, and those issues remain the most likely explanations for Sunday's release.
On Topic: Security
- Apple's differential privacy in iOS 10 is opt-in, limited to four use cases
- Inside iOS 10: Apple doubles down on security with cutting edge differential privacy
- No warrant needed to obtain location data held by cellphone carriers, US court rules
- Courts predicted to side with law enforcement on fingerprint warrants for Apple's Touch ID
- US regulators probe Apple, Google, Verizon & others on security patches