Apple Inc. (NASDAQ:AAPL) is reportedly investigating the possible breach of several iCloud accounts, where hundreds of nude photos were taken and published on the Web. “We take user privacy very seriously and are actively investigating this report,” Apple spokeswoman Natalie Kerris told Re/Code.
The massive nude photo leak involved hundreds of photos from a number of celebrities including “Hunger Games” actress Jennifer Lawrence, model Kate Upton and many more.
Following the leak, a piece of code called “iBrute” was published on code repository GitHub Monday, publicly disclosing a flaw in Apple’s iCloud service. The flaw had the potential to allow hackers to brute-force accounts residing on the company’s cloud service, that is, to rapidly try every password combination, in order to unlawfully gain access. The security flaw had reportedly been patched by Apple before the publication of the code, which ran through 500 of the most commonly used passwords created using Apple’s password guidelines.
While anonymous users on the 4chan image board claimed the photos were obtained from the actresses’ iCloud accounts, there is currently no direct evidence tying the leaked code to the hacks.
HackApp, the security group behind the publication of “iBrute,” issued a statement Monday, denying involvement.
— HackApp (@hackappcom) September 1, 2014
“In justification I can only mention, that we only described the way HOW to hack AppleID,” HackApp said. “Stealing private ‘hot’ data is outside of our scope of interests. We discuss such methods of hacks in our narrow range, just to identify all the ways how privacy can be abused.”
While iCloud has been widely reported as possibly being involved in the hack, it is currently unconfirmed that hackers gained access to the photos solely using the cloud service. Security researchers have expressed doubts that iCloud was the only way hackers obtained the photos.
“A wide scale ‘hack’ of Apple’s iCloud is unlikely. Even the original poster is not claiming that,” Rik Ferguson, vice president of security research at Trend Micro, told the Guardian.
The FBI has confirmed it is investigating the incident.