Skip to main content

Apple investigating iCloud hack of naked celebrity photos

You're unlikely to have missed the major scandal which hit the net over the weekend, whereby naked pics of various celebs taken in private (some of which are confirmed to be real) were (and still are) being hawked about for anyone to view – allegedly originating from a breach of iCloud.

Yesterday, one of our articles made a call for Apple to make a statement (opens in new tab) on the sordid affair, and indeed Cupertino has now come forward and said it is investigating the allegations, according to Re/code (opens in new tab).

An Apple spokeswoman told the tech site: "We take user privacy very seriously and are actively investigating this report."

The FBI is also apparently looking into the matter.

More information has emerged about how the attack may have been carried out – apparently it was a pretty straightforward affair. The attacker may have used a piece of software called iBrute to brute-force iCloud accounts – the program simply continues to plug password after password in until it finds a successful match.

While not so likely to work with a good complex password that's a mix of cases, letters, numbers and characters, we all know that many people have horribly weak passwords (or at least fairly weak ones).

Read more: iCloud hacking scandal sees naked photos of A-list celebrities leaked on 4chan (opens in new tab)

The security issue on Apple's part is that the company allows an unlimited number of incorrect password guesses – which is somewhat unbelievable. However, this issue has (unsurprisingly) now been fixed; you can no longer keep firing passwords away at a target iCloud account without being cut off.

On the victim's part, as noted they could have chosen a more secure password, or more importantly they could have enabled two-factor authentication on their account. This applies a second line of security after the password (such as, for example, a one-time numeric code texted to the account owner's phone). Without the second factor, the attacker still can't gain access.

Given the number of hacking incidents these days, it's well worth thinking about setting up two-factor authentication for the more important websites and services you use – if they support it, that is. We've got a handy guide on this which you might want to take a look at: Two-factor authentication: Which websites offer it, and how to set it up (opens in new tab).

Meantime, we'll have to wait for the official results of Apple's investigation to see what actually happened here, but whatever that may be, it doesn't hurt to make yourself more secure...

Read more: Apple set to unveil digital wallet alongside iPhone 6 (opens in new tab)

The timing of the incident certainly isn't great for Cupertino, which is apparently set to launch a new digital wallet along with the iPhone 6 next week.

Darran has over 25 years of experience in digital and magazine publishing as a writer and editor. He's also an author, having co-written a novel published by Little, Brown (Hachette UK). He currently writes news, features and buying guides for TechRadar, and occasionally other Future websites such as T3 or Creative Bloq and he's a copy editor for TechRadar Pro. Darrran has written for a large number of tech and gaming websites/magazines in the past, including Web User and ComputerActive. He has also worked at IDG Media, having been the Editor of PC Games Solutions and the Deputy Editor of PC Home.