Apple iCloud Hack Reported As Cause Of Leaked Jennifer Lawrence And Other Celebrities’ Nude Photos
According to various reports, someone posted a Python script on GitHub as a proof of concept for brute-forcing passwords on Apple's iCloud service. A brute force attack uses a script to keep guessing passwords until it finds the correct one, and in this instance the script leveraged a vulnerability in Find My iPhone that allowed repeated password guesses without locking out the hacker or notifying the user.
A day after the code was posted to GitHub, celebrity photos began appearing on the web, including nude selfies, with anonymous 4chan users claiming to have plucked the photos from compromised celebrity iCloud accounts. According to ZDNet, other celebrity victims may have included Ariana Grande, Victoria Justice, Kate Upton, Kim Kardashian, Rihanna, Kirsten Dunst, and Selena Gomez, among others.
The author of the proof of concept isn't ready to concede that his tool is the likely culprit in all of this, though he does say it's a possibility. He told The Next Web, "I've not seen any evidence yet, but I admit that someone could use this tool."
Apple has rolled out a fix for the vulnerability so that when hackers try to brute force their way into someone's iCloud account through Find My iPhone, they're locked out after five unsuccessful attempts.
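The kind of lockout described above can be sketched as follows. This is an added example, not Apple's code or anything from the reports. It keeps one failure counter per account that every login endpoint shares, so no single endpoint can be used for unlimited guesses, and it records a notification for the account owner when the lock triggers. The endpoint names, the 15-minute lock duration and the sample events are assumptions.

```python
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 5        # threshold named in the article
LOCKOUT_SECONDS = 900   # assumed lock duration; the article gives none

@dataclass
class AccountThrottle:
    """Failure counter keyed by account only, shared by every login endpoint."""
    failures: dict = field(default_factory=dict)       # account -> consecutive failures
    locked_until: dict = field(default_factory=dict)   # account -> unlock timestamp
    notifications: list = field(default_factory=list)  # (account, endpoint) owner alerts

    def attempt(self, account, endpoint, supplied, real_password, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        if now < self.locked_until.get(account, 0):
            return "locked"                   # refuse before even checking the password
        # Plain comparison keeps the sketch short; a real service verifies a salted hash.
        if hmac.compare_digest(supplied.encode(), real_password.encode()):
            self.failures.pop(account, None)  # success resets the counter
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.failures[account] = 0
            self.notifications.append((account, endpoint))  # tell the account owner
        return "denied"

def replay(events, passwords):
    """Run (time, account, endpoint, password) events through one shared throttle."""
    throttle = AccountThrottle()
    results = [throttle.attempt(a, e, p, passwords[a], t) for t, a, e, p in events]
    return results, throttle.notifications

# Constructed sample data: four bad guesses on one endpoint, a fifth on another,
# then the correct password during the lock and again after it expires.
PASSWORDS = {"user@example.com": "correct horse"}
EVENTS = [(t, "user@example.com", "find_my_device", f"guess{t}") for t in range(4)]
EVENTS += [(4, "user@example.com", "web_login", "guess4"),
           (5, "user@example.com", "find_my_device", "correct horse"),
           (1000, "user@example.com", "web_login", "correct horse")]

if __name__ == "__main__":
    print(replay(EVENTS, PASSWORDS))
```

Because the counter is keyed by account rather than by endpoint, the fifth failure locks the account even though it arrives through a different endpoint than the first four.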