Both the FBI and Apple are looking into the alleged security breach of iCloud accounts belonging to celebrities that enabled hackers to nab private and in some cases highly personal photos and videos before posting them on image-based bulletin board 4chan.
The content apparently contains naked and semi-naked photos and videos of more than 100 A-list celebrities, among them Oscar-winning actress Jennifer Lawrence, singer Rihanna, swimsuit model Kate Upton, and TV star Kim Kardashian. While some of the celebrities argue that the pictures are frauds, others have confirmed that the posted photos of themselves are indeed authentic.
“Clicking on links to ‘naked celebrity’ photos would be a *very* bad idea right now.”
Although hackers named iCloud as the source of the content, Apple hasn’t yet confirmed whether this is the case. However, the tech company on Monday acknowledged the incident, with spokesperson Natalie Kerris saying “we take user privacy very seriously and are actively investigating this report.”
The FBI has also said it’s looking into the apparent security breach. In a statement issued Monday, the government agency said “the FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.”
Some security experts have suggested that if iCloud is the sole source of the stolen content, then those affected were almost certainly not using two-factor authentication, a security process which adds another layer of protection to an account by asking for a security code, as well as the account’s password. Apple introduced the option of two-factor authentication 18 months ago.
However, other experts, including Rik Ferguson of security software firm Trend Micro, described a wide-scale hack of iCloud as “unlikely.” He also noted that hackers were likely to target websurfers seeking the racy images.
“For obvious reasons, clicking on links to ‘naked celebrity’ photos, or opening email attachments would be a *very* bad idea right now, expect criminals to ride this bandwagon immediately.”
At the time of writing, there appears to be no clear consensus among the online security community about exactly how the attack took place or where the images were taken from.
As we await further details regarding the precise nature of the hack, this could be a good time to evaluate the state of your own online security. It you’re yet to activate two-factor authentication with online accounts where it’s offered, you might want to consider taking some time to do so.