On Sunday an several celebrities personal photos has been leaked online and reports says that all the photos has been obtained from Apple iCloud accounts. This create a nasty situation, as all the personal photos belongs to the high profiled peoples.
Last week, a hint was shown on the 4chan as one of its users had talked about having access to personal photos of several celebrities.On Sunday evening the pictures were leaked on internet message boards. Posters on 4chan and reddit claimed that the photos were obtained by hacking iCloud accounts.
The list of celebrities is said to include Avril Lavigne, Hillary Duff, Jenny McCarthy, Kayley Cuoco, Kate Upton, Kim Kardashian, Kirsten Dunst, Krysten Ritter, Mary Kate Olsen, Mary Elizabeth Winstead, Rihanna, Scarlet Johansson, Selena Gomez, Vanessa Hudgens and Dave Franco. Jennifer Lawrence and Mary Elizabeth Winstead had confirmed about the leaked photos but Arianna Grande and Victoria Justice points it fake.
Last week, a hint was shown on the 4chan as one of its users had talked about having access to personal photos of several celebrities.On Sunday evening the pictures were leaked on internet message boards. Posters on 4chan and reddit claimed that the photos were obtained by hacking iCloud accounts.
On Monday, a python script was posted on GitHub, and the scripts allowed the attacker (user or hacker) to perform a brute-force attack on the Apple iCloud. The scripts takes the advantage of vulnerability in the Find My iPhone service API. The scripts poster wrote on the statement that-
The vulnerability was on Find My iPhone service API, where bruteforce protection was not implemented.
The vulnerability allegedly discovered in the Find My iPhone service that let attackers use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the bruteforce attack gets successful and attacker gains the credential of targeted accounts.
At the mean time Apple had fixed the bruteforce vulnerability on Find My iPhone service API, and now the scripts won't work anymore. But the scripts was live for two days before apple fixed the issue.
Latest updates from the Apple side is that, the leak image is said to be via hack and the hack points out to the Apple iCloud service, so Apple security team is investing the report. Apple spokeswoman Natalie Kerris told Recode that "Company take user privacy very seriously and are actively investigating this report,”.