An anonymous hacker has published several naked pictures of celebrities which is said to have obtained from their iCloud accounts. A total of 17 celebrities picture were posted on 4Chan during the weekend. The hacker also posted a list of all the celebrities of whom he has personal picture, 100 celebrities in total.
The FBI said it is “aware” that someone has leaked nude photos purporting to be pictures of dozens of A-list celebrities including Jennifer Lawrence and Kate Upton and is “addressing the matter.”
Mary Winstead has tweeted that these pictures of her were deleted long ago.
Actress Jennifer Lawrence has a small collection of her photos leaked. Ariana Grande whose pictures as well has been posted stated that these were fake. What remains unclear is, how did the hacker obtained all these pictures from the iCloud account? Is it mere password guessing, social engineering or by breaking into the system?
TheNextWeb reports that the attacker used Brute Forcing technique to get into the celeb accounts. a Python script emerged on GitHub (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one.
At the time of publishing, administrators of 4Chan have blocked access to these threads as these victims are high profile personality. There will surely be strong investigation which will follow.