Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Cloud Privacy Security Apple

Reported iCloud Hack Leaks Hundreds of Private Celebrity Photos 336

Posted by samzenpus
from the gates-are-open dept.
swinferno writes with news about the leak of hundreds of private celebrity photos over the weekend. Hundreds of revealing pictures of female celebrities were leaked overnight after being stolen from their private collections. Hunger Games actress Jennifer Lawrence, Kirsten Dunst, and pop star Ariana Grande were among the celebrities apparently shown in the pictures, which were posted on infamous web forum 4chan. It's unclear how the images were obtained, but anonymous 4chan users said that they were taken from celebrities' iCloud accounts. The accounts are designed to allow iPhone, iPad, and Mac users to synchronize images, settings, calendar information, and other data between devices, but the service has been criticized for being unreliable and confusing. Earlier this year, Jennifer Lawrence herself complained about the service in an interview with MTV.
This discussion has been archived. No new comments can be posted.

Reported iCloud Hack Leaks Hundreds of Private Celebrity Photos

Comments Filter:
  • by Anonymous Coward on Monday September 01, 2014 @11:56AM (#47800869)

    Where are these photos you speak of?

    I guess the internets are dead.

    • by discord5 (798235)

      I guess the internets are dead.

      I gather many internets were given away yesterday at 4chan. You might try there, some people might still have some.

      On second thought... better not.

    • Re: (Score:3, Informative)

      by BlackPignouf (1017012)

      http://thepiratebay.se/torrent... [thepiratebay.se]
      http://thepiratebay.se/torrent... [thepiratebay.se]
      http://thepiratebay.se/torrent... [thepiratebay.se]

      It might be a good idea to use a proxy and an antivirus.

      • Re: (Score:3, Interesting)

        It would be a better idea to just not download them. Oh, who am I kidding, nobody cares about privacy while they're holding their dick in their hand.

    • by slimshady76 (3752059) on Monday September 01, 2014 @12:10PM (#47800967)
      (waving hand in front of your face) These aren't the photos you are looking for...
    • by WhoBeDaPlaya (984958) on Monday September 01, 2014 @12:19PM (#47801035) Homepage
      Reddit : /r/TheFappening http://www.reddit.com/r/TheFap... [reddit.com]
    • by Snotnose (212196)
      I would be very surprised if the entire archive isn't on TPB by now.
    • by Luca Masters (3463655) on Monday September 01, 2014 @12:26PM (#47801091)
      Slashdot: Where we care about privacy, unless there's a chance to see a naked girl Pro-tip: There are millions of photos of naked women out there that can be viewed wiithout violating anyone's privacy. Go make use of those if you're in so desperate need.
      • by TWX (665546)

        There are millions of photos of naked women out there that can be viewed wiithout violating anyone's privacy.

        Strictly speaking, while there are lots of paid model/glamour photos, there are also lots of leaked/shared/stolen photos of women that probably didn't want their images shared with the world too. So short of paying for the images from sites that only publish photos that they took themselves, you're probably still going to be violating someone's privacy.

    • by Nyder (754090)

      Where are these photos you speak of?

      I guess the internets are dead.

      https://kickass.to/the-fappeni... [kickass.to]

    • by fahrbot-bot (874524) on Monday September 01, 2014 @01:29PM (#47801565)

      Where are these photos you speak of?

      I guess the internets are dead.

      Ya. "Pics or it didn't happen."

  • Not 4chan (Score:2, Informative)

    by Anonymous Coward

    Actually the source was anonib.
    But they were then posted all over 4chan yeah.

    https://thepiratebay.se/torrent/10942405/09.01.2014_Celebrity_Nude_Photo_Hack_Collection_-__fappening

  • by Anonymous Coward on Monday September 01, 2014 @12:05PM (#47800935)

    Pretty good detective work: http://pastebin.com/cwAz9Y2r [pastebin.com]

    • by NatasRevol (731260) on Monday September 01, 2014 @12:25PM (#47801085) Journal

      Spoiler:

      A guy named Bryan Hamade from Georgia seems to have leaked them. Who stole them is still up for debate.

    • by theskipper (461997) on Monday September 01, 2014 @12:35PM (#47801143)

      Wow. If it turns out to be true, it's yet another testament to how difficult it is to be truly anonymous online these days. But not because of standard technical things like using proxies, etc, it's simply because there's so much info out there in social media and Google to provide clues. One mistake or oversight and you're pretty much exposed.

      • by zr (19885)

        this is probably the biggest takeaway there.

        we can still fight for some degree of privacy. but any meaningful anonymity is not available to the average folk.

  • by nurb432 (527695) on Monday September 01, 2014 @12:08PM (#47800947) Homepage Journal

    Then dont use it. Pretty simple. There is no law that says you have to use any cloud service, so if you dont trust/like them, dont use them. And dont bitch about it when you choose to do so.

    • Then dont use it. Pretty simple. There is no law that says you have to use any cloud service, so if you dont trust/like them, dont use them. And dont bitch about it when you choose to do so.

      There's no law that says you have to drive a Ford. If you don't trust them, don't drive one. But don't bitch about it when it bursts into flames and kills you, when you choose to drive it.

      • What she complained about was that it kept reminding her about backing her iPhone up; she wanted it to do so automatically, which she didn't know can be done by flipping a single setting in iOS' iCloud control panel.
      • Stop. This is the fault of allowing users to use devices with no training. Standard I.T. data security ON THE PART OF THE USERS would have prevented this. If you dont understand the device you are using, seek training, or dont put sensitive info on it. Its not ok to be a moron in the Information Age.
        • by TWX (665546)

          Stop. This is the fault of allowing users to use devices with no training. Standard I.T. data security ON THE PART OF THE USERS would have prevented this. If you dont understand the device you are using, seek training, or dont put sensitive info on it. Its not ok to be a moron in the Information Age.

          I used to feel that way, but I don't think it works that way anymore. There's too much tech to be able to keep up with it, even for computing professionals. There are too many things that we're dependent on t

  • This is on the news everywhere and, obviously, is going to make Apple look very bad. I don't think I'll have long term consequences for Apple but at least it may make some people think twice about uploading personal information to "the cloud".
  • by zr (19885) on Monday September 01, 2014 @12:13PM (#47800985) Homepage

    seriously, what am i missing?

  • Come on people, I should not have to remind you.

  • by Anonymous Coward on Monday September 01, 2014 @12:31PM (#47801125)

    I worked for Apple for 9 years. I would never use iCloud for anything I needed to keep private.

    Apple's own culture of secrecy works against them. You don't discuss what you are doing outside your immediate team. This means that you often don't know enough about what you are doing to understand where your code will be used. You are working from a design (or an API) specified by another team and you have to assume they have the complete picture. If they don't specify brute force protection for your code you must assume that they have a reason or they are using some other method.

    The internal secrecy also results in multiple implementations of the same function, because each team knows its own code and doesn't see what others have already implemented or are working on. No doubt somebody in the organization thinks that the internal secrecy is worth the cost.

  • There's one important element of these leaks that I've never seen anyone comment on: it's all well and good to hack a weak password, but how do these people wind up getting their hands on lists of celebrities' private email addresses? It's not like you can just throw some terms at Google and come up with anything useful.
    • User IDs ARE NOT a security device at all. If that was true every corporation would give people obfuscated email addresses instead of basing them on their name.
  • by Charliemopps (1157495) on Monday September 01, 2014 @12:45PM (#47801213)

    Ok, first of all, if I some how got hold of these pictures, I'd delete them. Integrity is good for us all. I've no animosity towards the famous.

    That being said, these people sold their privacy for cold hard cash. Not small amounts either, enough to buy the town I live in. Maybe I'm a jerk, but I just don't feel all that bad for them. They sell sex every day, all day. I have a feeling most are more upset that some of the pictures are unflattering than they are that they're nude in them.

  • by WD (96061) on Monday September 01, 2014 @12:55PM (#47801315)

    Somebody:
    1) Takes nude photos of themselves with an internet-connected device.
    2) Has said photos of themselves synchronized with an internet service
    3) Is surprised / outraged that said photos are accessed by somebody on the internet.

    I'm not saying that those people are to blame, but rather that there is a significant disconnect between technology and users' expectations. And the companies involved aren't making things any better with their hand-waving "cloud" mumbo-jumbo.

  • by swb (14022) on Monday September 01, 2014 @01:18PM (#47801491)

    As far as I know, Jennifer Lawrence has never done a nude scene in a movie. Is some of the outrage due to that maybe Jennifer Lawrence as an actress is more appealing/alluring in some roles because she's not been seen on screen nude and thus manages to increase her allure by keeping the mystery alive (although X-Men and American Hustle did about everything possible to reveal that mystery)

    It does seem to be something of a female celebrity career trope that when they hit a mature phase of their careers they start opting for roles that involve a lot of nudity under some kind of guise that it's a challenging or artistically complex thing to do. Usually the more explicit the nudity and/or sex the greater press it draws and with any luck a bump to the actress' career.

    Could Jennifer Lawrence ALSO be motivated by the fact that being nude in a movie is some way passé now -- ie, taking a role with nudity would no longer bring any added celebrity or notoriety because we've already seen that?

    I'm not implying she doesn't have other, better reasons to be annoyed -- celebrities are people too, and like their privacy. I'm just curious to what extent the outrage isn't somewhat motivated by a celebrity's desire to flog an image of sexuality for maximum return.

  • by DrProton (79239) on Monday September 01, 2014 @04:19PM (#47802607)
    Did the brute-force attack sidestep Apple ID two-step verification? I'm guessing no, and that none of the celebs who were hacked had bothered to enable the two-step login shuffle. You might think a celebrity could afford to hire someone to beef up their online security and advise them in such matters. Why don't they?
  • by ctime (755868) on Monday September 01, 2014 @04:19PM (#47802609)
    It could have just as easily been a packet sniffing engine on a local ISP, cellular network, data center etc. Maybe in front of Amazon? Were these all transferred through snapchat, dropbox or some other file sharing service that leverages AWS or some other cloud provider? Were any taken from those services by admins?

    My point is, many of these images were *taken* with non-apple devices and *deleted* before photo stream was a thing. At this point it is likely someone got access to a darknet cache of images -- the sources are unlikely from one location, but from many many sources over many years.

    LTDR; 1. Enable 2FA 2. If you upload something to the internet, assume someday someone will be able to see it and do whatever they want with it. Are you okay with that?
  • by plazman30 (531348) on Monday September 01, 2014 @06:15PM (#47803137) Homepage

    If you don't want something to leak on the Internet in the 21st century, DON'T DO IT!

    Perhaps the NSA could have learned that lesson with Edward Snowden...

    These really are just nude pictures, some with sex. But are we all shocked that are celebrities look hot when they're naked?

    Far worse would have been for photos to leak showing criminal activity, such as torturing dogs, doing drugs, or acting like complete assholes by beating up and torturing people.

"Why should we subsidize intellectual curiosity?" -Ronald Reagan

Working...