FBI probes celebrity photo hacks, Apple confirms investigation

The hunt for hackers and leakers behind the massive celebrity leak on Sunday begins.
Written by Liam Tung, Contributing Writer

The FBI has reportedly begun inquiries into reports that hackers stole and leaked private and intimate pictures of over 100 celebrities.

According to Associated Press, the FBI said on Tuesday it is "aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter." Exactly how it's addressing the matter isn't clear, but presumably it will need to clear up whether there was a breach in the first instance.

While the FBI leads a range of computer crime investigations, the last major celebrity hack it investigated came as part of the 11-month Operation Hackerazzi, which led to the arrest of a 35-year-old who was accused of hacking the email accounts of individuals including Mila Kunis, Christina Aguilera, and Scarlett Johansson. The man was sentenced to 10 years in jail.

Since photos of victims of the latest hack began appearing on several websites on Sunday, much of the speculation about how the hacker acquired the photos has centred on iCloud. However, the source of the images remains unknown, and they could just as likely have come from multiple sources.

Yesterday it emerged that Apple had fixed a serious security flaw in the Find My iPhone feature within its iCloud service, which is used to store photos, contacts, and content of iOS devices.

On Saturday, security researchers at HackApp posted a proof-of-concept exploit for an iCloud flaw that effectively let an attacker flood the site with password attempts without being locked out. The attacker would still need the email address victims used for their Apple ID.

The tool, dubbed iBrute, was designed to flood iCloud with the top 500 passwords found in the 2009 RockYou breach, in which 32 million unencrypted passwords were publicly leaked. As ZDNet reported at the time, the top 20 passwords were pathetic at best, with the most commonly used password being "123456".

HackApp yesterday said that its proof of concept no longer worked, suggesting that Apple had fixed the bug its tool exploited.

Apple has not confirmed whether it did in fact fix a flaw; however, it told Re/code on Monday that it is "actively investigating" reports that iCloud accounts were breached.

"We take user privacy very seriously and are actively investigating this report," an Apple spokeswoman told the publication. ZDNet has asked the company for comment and will update the story if any is received.

Earlier this year Apple shot down claims that iCloud was breached after dozens of Australians woke up to find they had been locked out of their iCloud-connected devices by hackers. Apple told users to avoid re-using passwords across multiple services, suggesting victims’ passwords had been sourced from breaches at other services.