Skip to main content

Cast member Jennifer Lawrence poses at the premiere of "The Hunger Games: Catching Fire" in Los Angeles, California November 18, 2013.

MARIO ANZUONI/REUTERS

A mass leak of nude celebrity photos is sparking fears about iCloud vulnerability and renewed warnings that people need to be more careful with their digital content.

News of the photos of A-list singers and actors began to appear Sunday on the bulletin board 4chan. Among the targets were Academy Award winner Jennifer Lawrence, whose publicist confirmed photos of her had been accessed, the reality star Kim Kardashian and award-winning singer Rihanna.

According to people who saw the original post on 4chan, the person was claiming to have taken the photos from iCloud accounts and was seeking to sell them for Bitcoins.

Story continues below advertisement

"This is a flagrant violation of privacy," Ms. Lawrence's publicist Liz Mahoney wrote in a statement. "The authorities have been contacted and will prosecute anyone who posts the stolen photos."

The FBI released a statement Monday saying it is aware of the allegations "concerning computer intrusions and the unlawful release of material involving high profile individuals," and is "addressing the matter," Laura Eimiller, an agency spokeswoman in Los Angeles, said by e-mail.

Apple also released a brief statement Monday. "We take user privacy very seriously and are actively investigating this report," spokeswoman Nat Kerris said.

With few details to go on, technology analysts have been debating the ways these images might have been accessed. Theories range from phishing scams to poorly chosen passwords, with an alleged security vulnerability emerging as a strong candidate.

According to The Next Web Blog, someone recently posted a way to attempt multiple passwords in quick succession. That could have opened the door to what is called a "brute force" attack. Canadian tech analyst and writer Carmi Levy, who stressed that it was still early and that the incident was still being investigated, pointed to this as a plausible scenario.

"Basically, they can try a million different passwords on Jennifer Lawrence's account and Jennifer Lawrence will have no idea that this is going on," he said in a phone interview Monday. "Eventually they just busted in the front door. It was essentially the equivalent of using a battering ram. It wasn't subtle, it was just trying again and again and again after they managed to disable the alarm."

From the first access, he added, the hacker could use information found in the account to pursue other people.

Story continues below advertisement

In a piece posted Monday, The Next Web said "it seems Apple patched the [vulnerability] today."

Hacking of celebrities' phones became a scandal that rocked the media in Britain, where it emerged that many people had not changed the default password that came with the device. And even when they take greater care, the scrutiny of celebrity life means that it can be easy for hackers to jump through security hoops such as questions about a mother's maiden name or the elementary school the star attended. In a major U.S. case, a Florida man used publicly available information to access the e-mail accounts of celebrities including Scarlett Johansson, Mila Kunis and Christina Aguilera "I have been truly humiliated and embarrassed," said Ms. Johansson, who had nude photos taken, said in a tearful videotaped statement played in court at the man's 2012 sentencing.

Mr. Levy said that the most recent incident was a reminder that digital security has to be taken seriously. It's a warning that he and other analysts have repeated many times but seems to have trouble sinking in.

"You don't have to be a celebrity to be affected by this particular attack," he said. "This is a message to all of us that we are still not doing enough to maintain our online security. That we are still committing questionable content to digital platforms, like naked pictures or compromising photos or videos, under the false assumption that we believe that they are private. When, in fact, once something has been digitized or captured digitally it is never going to be even remotely private. You know, the very act of taking a picture on an iPhone can instantly commit it to the cloud."

With reports from Associated Press and Bloomberg

Report an error Editorial code of conduct
Tickers mentioned in this story
Unchecking box will stop auto data updates
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • All comments will be reviewed by one or more moderators before being posted to the site. This should only take a few moments.
  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed. Commenters who repeatedly violate community guidelines may be suspended, causing them to temporarily lose their ability to engage with comments.

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.
Cannabis pro newsletter