The Internet is abuzz right now with a massive celebrity cellphone hack.

Story

This particular hack seems to be through Apple’s iCloud.

I won’t link to any of the photographs that have come out, but you may rest assured that if you wish to sate your curiosity you can find what you’re looking for as fast as you can type the search string into Google.

This is as good a time as any for a reminder: never put anything on a smart phone that you don’t want everyone to see. It doesn’t matter that it’s a grotesque violation of privacy, it’s simply today’s reality. In this case it’s celebrities, but if it can happen to them it can happen to you.

That would be a really huge deal if it were to be true.

Indeed, Apple (and its followers) have always been pretty smug about the security of their OS, etc.

Our company is currently moving our stuff to ‘the cloud’ (not iCloud) and it does make me wonder…

This will very likely turn out to be a social engineering hack. Accounts compromised due to guessable security questions, something like that.

There’s lots of speculation floating around but very little real info. Some of the celebrities are saying that their pics are fake (they could be lying to save face of course).

Apple does have two step verification for their services, though it could be possible the young actors in question didn’t have the feature enabled.
Apple’s two step verification FAQ: http://support.apple.com/kb/ht5570

Could also be that an employee for the ISP the victims are using is behind the leaks.

Quite a few of them have heads cropped off so could be anyone, and therefore probably aren’t them. Quite a few are undeniably genuine. Most are somewhere in between or even fully clothed (in underwear or swimsuits).

I wasn’t going to download them, but then I succumbed. I am ashamed.

I’ve found my policy of carefully remaining ugly and unfamous has worked as a pretty good security measure against people trading naked photos of me on the internet. And it’s easier than remembering a bunch of super-complicated passwords!

It is my sincere wish that the Jennifer Lawrence pics were leaked by Gwyneth Paltrow when Chris Martin forgot to change his password. Then we can all watch the internet melt down under the weight of all the gossip.

Some info floating around about the nature of the hack (that may well turn out to be false):

The person who leaked the images is not the hacker, just someone who paid for them. The claim that it was an iCloud hack is second hand.

There was a tool published recently that allowed unthrottled brute-force guessing of iCloud passwords. It requires that you know the account’s email address, and is really only useful against a weak password. Apple has already put rate limiting in place to mitigate this. It may or may not be related.

There are claims that some of the photos were taken with Android phones. That doesn’t rule out an iCloud hack, since it may have been the recipients’ accounts that were hacked.

The person who leaked the photos made a stupid mistake that - if it wasn’t deliberate misdirection - will certainly lead to an arrest.

If I can claim any amount of moral superiority about anything, it’s that I tend not to buy into this level of invasion of privacy… I’ve never seen Paris Hilton’s video, or Rob Lowe’s, and I don’t go looking for risque, non-professional photos of celebrities.

Not me.

There’s good reason to believe that some of these “leaks” were not really leaks, but really stealth publicity campaigns.

But there are A LOT of celebrities listed, and many of them really have nothing to do with each other (J-law + Avril + Hope Solo?)

This would be a level of collusion that is out of this world if all of them just decided to release pics at the same time.

I would assume multiple hacks by various people, with a guy collecting them over time and paying for the pictures or passwords. The hackers, of course, were doing it for money.

And by “hacks,” I do mean something like using a stupidly easy to guess password or even social engineering attacks on the owners themselves. (Email: “There’s been suspicious activity on your iCloud account. Please click here and enter your username and password.”)

Also, some recipients may have just seen dollar signs in selling the pics. I could see the J-Law pics, for instance, being from a jilted boyfriend who was sent those pics, or who had her iCloud password. (For some reason, sharing passwords is a thing amongst people in relationships. Which I guess wouldn’t be so bad, if they’d remember to change them when they break up.)

+1

I am already convinced that Jennifer Lawrence and Ariana Grande have the same complement of nipples and genitals that are typically found in the population at large.

Now, I do think it’s foolish to take naked pictures on a device connected to the Internet, store those pictures unencrypted, and then be shocked that they are disseminated to others. In the old days, all you had to do was keep your saucy Polaroids locked up.

I was referring to Ethilrist’s reference to things like the Paris Hilton sex tape.

Due to the number of people involved, I think it’s much more likely that nothing was “hacked” but rather someone who works for the storage facility leaked them. That is one of the reasons I never really jumped on board to cloud storage of personal stuff.

An interesting theory that I read was that some (there’s thinking that this is an aggregation of several different hacks; there’s Android photos, Snapchat shots and videos of a format that iCloud would not archive) of these accounts were compromised by someone setting up bogus free wifi hotspots at one or more big Hollywood-type events and capturing login information.

All these services encrypt their traffic (or so I really hope) so a Wifi hotspot in itself would not be enough to gain access.

One possibility is that the photos were gathered through the Heartbleed bug. Could be possible that specific high profile people were targeted before sites fixed the vulnerability. Instagram, for example, had the Heartbleed bug.

EDIT: Probably not though as targeting specific people through the bug would be very unlikely.