Nude Photos Leak In Massive iCloud Hack (Please delete your iCloud backups for now)

Small Business Yahoo ^ | Sept 1, 2014 | Caroline Moss

[ConservativeMind]

Full Title: Nude Photos Of Jennifer Lawrence, Kate Upton, Ariana Grande Leak In Massive iCloud Hack

Jennifer Lawrence, Ariana Grande, and Kate Upton were among a handful of celebrities whose nude photos were leaked late Sunday afternoon following what appears to be a large-scale hack.

The photos first appeared on a 4Chan thread (very NSFW). So far, only Lawrence’s publicist Bryna Rifkin has confirmed, in an official statement to Buzzfeed, that the photos were of her client...

...The leaked photos were apparently obtained via a massive hack of Apple’s iCloud. They were then posted on 4chan by users offering more explicit material in exchange for bitcoin payments.

[Rodamala]

Jennifer Lopez meets John Boehner.

[Rodamala]

My dear friend Sarah has had a tattoo on her shoulder long before this craze of everyone having them... when she got married, if I am recalling correctly the gown covered the tattoo.

[a fool in paradise]

Hacker will go to jail, how about those would look at pics? Any legal worries there?

If you consider the case of the Pamela Anderson sex tape which was personally stolen by a laborer (plumbing? I can't recall), the judge decreed that the tape was releasable as the court case to prevent it's release made it "newsworthy".

[HereInTheHeartland]

FRAUD...

Please don’t steal pictures of me; and say they are of you.

[a fool in paradise]

Did Lois Lerner have any communication files on the iCloud?

[exit82]

I’m with you.

I can understand getting a temporary tattoo to mix it up a little bit, but real tattoos are permanent.

Can’t undo a bad choice in tattoos too readily.

[GeronL]

I bet Janet Reno did!

[Greetings_Puny_Humans]

LOL

[Swordmaker]

Don't Panic! The source of these celebrity images was not Apple's iCloud. Business Insider research of the images shows that many of the images did not originate from Apple sources.—PING

"Despite the original leaker claiming to have accessed the trove of photos thanks to an iCloud exploit, the range of devices showcased suggests that another service may have been to blame,” James Cook (Business Insider editor) reports. “Various naked celebrities are photographed taking selfies with Android devices and webcams. Leaked videos could not have originated from the iCloud photo backup service. The range of devices and media may mean that another backup service like Dropbox or Google Drive could be the originator of the leaked photos, with both services offering automatic backup tools for photos and videos imported from cellphones.”

Business Insider further reported that the celebrity accounts were hacked by phishing for passwords by social engineering means, not by exploiting a vulnerability in any iCloud code.

The guy who originally posted the photos to 4Chan.org, claiming he had hacked the celebrities' iCloud accounts, has been tracked down. It turns out he's NOT a hacker at all, but collected the pictures and posted them on 4Chan to make money, claiming an iCloud hack as a plausible source.

Reddit users on Monday claimed to have learned the identity of the leaker and circulated these images of Bryan Hamade, a 27-year-old from Georgia. Hamade vehemently denied being the leaker in an interview with BuzzFeed.

“I am not behind this. It was so stupid — I saw a lot of people posting the actual leaks and bitcoin addresses and I’ve read a lot about bitcoin and how they’re are valuable and I thought, oh cool I’ll get free bitcoins,” Hamade told BuzzFeed. “I am just an idiot who tried to pull one over on 4chan and lost big time and stupidly left this identifying information. They took my proof and back traced it — it isn’t remotely true. I am not a hacker. I have no idea how the hell someone could hack into all those accounts,” he said.—Source Buzzfeed

Further, Apple's iCloud will lock the entire account after three attempted wrong passwords to prevent the brute force method of guessing passwords, or trial and error dictionary attacks to get into accounts, requiring the owners to answer security questions to again gain access once it's locked. This was operational just last week on my own account.

Apple iCloud Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Swordmaker]

Thanks for the ping. I was out of town. It’s not what it seems or claimed. See my ping post.

[Liberty Valance]

bttt

[AFreeBird]

I don’t use the cloud for such things. And icloud is relatively new tech. I’m still use apple products, but the cloud is going to be a very slow adaptation.

Right now, it’s just books and music. My preference for Apple, would have been for them to give me a personal, local cloud on my iMac for more personal items while still having access to the larger cloud for the music and books, and maybe reminders. I don’t care if hackers get hold of my cloud based shopping list, or the “Honey Do” list.

Use the cloud responsibly.

[Swordmaker]

This news is a lot bigger than Jennifer Lawrence's boobs. It shatters Apple's claim that iCloud was secure and that's what really makes this story newsworthy.

It turns out that the guy who claimed he got them from Apple's iCloud before posting them to 4Chan.org was lying. He now claims he's not a hacker and doesn't know where they came from. . . and, according to Business Insider Editor James Cook, many of the photos show metadata from Android phones and webcams from Windows PCs, not Apple devices.

Reddit users on Monday claimed to have learned the identity of the leaker and circulated these images of Bryan Hamade, a 27-year-old from Georgia. Hamade vehemently denied being the leaker in an interview with BuzzFeed.

“I am not behind this. It was so stupid — I saw a lot of people posting the actual leaks and bitcoin addresses and I’ve read a lot about bitcoin and how they’re are valuable and I thought, oh cool I’ll get free bitcoins,” Hamade told BuzzFeed. “I am just an idiot who tried to pull one over on 4chan and lost big time and stupidly left this identifying information. They took my proof and back traced it — it isn’t remotely true. I am not a hacker. I have no idea how the hell someone could hack into all those accounts,” he said.—Source Buzzfeed

[itsahoot]

Everything else is just pretty much waiting for the world to see.

Unless your name is Lois Lerner. </s>

[ConservativeMind]

It appears that Apple did fix a “Find My iPhone” password issue that did allow unlimited password attempts to iCloud.

http://www.freerepublic.com/focus/f-news/3199294/posts

[Swordmaker]

Yes, they did fix a flaw. . . But it turns out it was coincidental. The celebrities accounts were compromised by the simple means of the hacker going into “I forgot my password” and guessing the answers to their simple security questions and changing their passwords. Everyone of them had their passwords altered. They used things like “What car do you drive?” And “ In what town were you born?” Both questions for which the answers are easy to learn for celebrities. Dumb.

[TheBattman]

Haven’t all ‘net users been warned repeatedly to use a “decent” password? The particular “brute force” attack uses a list of the 500 most common passwords in its work (”password”, “password 1”, “password2” and other similar idiotic passwords).

This is not platform dependent. It isn’t just Apple’s iCloud that are subject to these kinds of attacks. Really - any of these services, when “secured” with horrid and weak passwords are vulnerable.