A theory offered on Twitter by security expert Dan Kaminsky, chief scientist at WhiteOps.com, is that someone who was collecting a cache of the celebrity nudes may have been hacked by the person or people who spread the images online over the weekend. If the photos were collected by a person from different sources over a long period of time, it could explain why some of the images appear to be genuine and others are allegedly fake.That would also explain why many of the pictures were taken by Android phones, Windows PC webcams, had Tumblr watermarks, etc., and variously didn't come from Apple devices.
They should use ancient technology-Polaroids!
That's probably not too far from reality. One way you can get into an iCloud account: A very significant number of unsophisticated users use the same password for everything and never change it. Many of these same users also use their email address for their user name. One exploit in Internet Explorer (for example) where a hacker gets your password gets them into all of your accounts. Your pictures are either going to be in iCloud or Google Drive depending on your device. Real world example. A few years ago there was an online e-tailer software package that stored passwords in clear text. You could use a hacking technique called "SQL injection" and get it to dump it's entire database of account names and passwords. From there, you just go to other places the user might have an account and mine away. Information security is an oxymoron. Anything and everything stored electronically is vulnerable.