Apple, which is poised to unveil new iPhones next week, and the FBI are probing reports hackers used the company's iCloud service to illegally access nude photos of actress Jennifer Lawrence and other celebrities.
Hackers posted the nude photos on the anonymous image- sharing website 4chan, the Telegraph in London reported. The photos targeting more than 100 U.S. and U.K. celebrities were allegedly obtained by breaking into iCloud accounts, the newspaper said. A representative for Oscar winner Lawrence confirmed the photos were hers and called the situation a "flagrant violation of privacy," the Telegraph reported.
"We take user privacy very seriously and are actively investigating this report," Nat Kerris, a spokeswoman for Cupertino, Calif.-based Apple, said without providing additional details.
The iCloud service, a key part of Apple's strategy to unite its iPhones, tablets and desktop computers, lets users store contacts, e-mails, photos and other personal information on external systems they can access virtually. Apple has fixed a bug in its "Find My iPhone" software that may have allowed hackers to gain access to the celebrity iCloud accounts, the Engadget technology website reported, citing developers.
The U.S. Federal Bureau of Investigation released a statement yesterday saying the agency is aware of the allegations "concerning computer intrusions and the unlawful release of material involving high profile individuals." The agency is "addressing the matter," Laura Eimiller, an FBI spokeswoman in Los Angeles, said by e-mail.
The FBI doesn't typically confirm investigations as a matter of practice, Ms. Eimiller said by telephone yesterday. "Clearly there's a high public interest, so we felt it appropriate to provide a limited statement," she said.
The risk to iCloud users will depend on whether the breach happened within Apple's security or within the celebrities' personal accounts, said Clifford Neuman, director of the University of Southern California's Center for Computer Systems Security. Either way, some users may not understand when and how they are using such services, especially during the set-up.
"The data are leaving the devices that are in your possession and are now being stored on a server elsewhere," Mr. Neuman said yesterday in a telephone interview. "For most things, that's probably a good thing but for things that are sensitive, that's a problem."
The celebrity hack comes days before Apple's scheduled Sept. 9 product announcement near its headquarters. Apple will introduce bigger-display iPhones and a wearable device at the event, people with knowledge of the plans have said. Anticipation for the event boosted Apple's shares to a record close on Aug. 29 of $102.50, a 28 percent gain this year.
The celebrities hacked included reality TV star Kim Kardashian and singer Rihanna, the Telegraph reported. Actresses Selena Gomez and Kirsten Dunst also were among the cache, Time Inc. reported on its website. The hackers promised to post more photos, Time reported.
Actress Mary Elizabeth Winstead used Twitter to express her feelings about the matter.
To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.— Mary E. Winstead (@M_E_Winstead) August 31, 2014
"Girls" creator Lena Dunham also took to social media to defend the women whose photos were leaked and to warn away people who would seek them out to look at them:
Remember, when you look at these pictures you are violating these women again and again. It's not okay.— Lena Dunham (@lenadunham) September 1, 2014
One plausible explanation for a wide breach of private photos is by way of a password-retrieval system, said Woodrow Hartzog, who teaches privacy at the Cumberland School of Law at Samford University in Birmingham, Alabama. Customers generally recover forgotten passwords by providing information or answering questions about themselves. Celebrities are particularly vulnerable to hacks of these programs because so much of their life history, such as where they were born, is available in biographies, news stories and websites like Wikipedia.
"Data security is more important than ever before," Hartzog said in a telephone interview. "We store our most personal intimate moments online, and it's absolutely critical that that information stay as protected as reasonably possible."
Once private information like nude photographs are made public, laws in the U.S. are inadequate to do much about it, Mr. Hartzog said. Remedies, including getting the data purged, are scant.
"These pictures are likely to still persist," he said. "It becomes a very difficult thing for anyone, whether a celebrity or any other victim of non-consensual pornography, to be adequately helped under the law."
Some of the hacked celebrities, including former Nickelodeon star Victoria Justice, said the photographs purported to be of them weren't real. "These so called nudes of me are FAKE people," Ms. Justice posted on Twitter.
~ Bloomberg News ~