Yesterday, some guy over on 4chan posted a tremendous amount of female celebrity nude pictures that he got from, according to most sources, the Icloud. I’m not sure I entirely believe that, but most of the celebs. are acknowledging that the pictures are legitimate and a tremendous invasion of privacy.
My question isn’t just about the hacking. My question is how a hacker could not only hack into Apple’s Icloud, but could also locate celebrities accounts. Most of us don’t name our phone or our Apple account after our full name. For example, I rather doubt Jennifer Lawrence’s phone(appleid) is JenniferLawrence.
Is the whole concept of this being a one-time massive hack a myth? Or is there something I don’t understand about this situation? How could anyone find specific person’s cloud account even if they had hacking capabilities?
Note: Obviously, this thread will not contain any links to these photos and I don’t even want a discussion about how to locate and view them. This is strictly about the hacking concept and concerns related to that. I’m not a mod, but I would say not even spoiler-tagged links or broken links should be used for these photos. Absolutely off limits in this thread is my request.
From what I’ve heard it usually starts with breaking in a phone account owned by somebody in the entertainment business like an agent or studio executive. They have the private phone numbers for a bunch of actresses and singers. And a hacker can use this information to target their phones.
Not necessarily automatically (I didn’t enable it/disabled it for photos on my iPhone), but it’s considered a good idea as it’s done on the fly and provides an offsite backup in addition to what you back up on your home computer.
One actress, Mary E. Winstead, says that the pictures of her and her husband were deleted from her phone years ago. But they still exist in the iCloud.
Once your iPhone or your Android device has been synced to off-phone storage you no longer have control of your data. You may think that you do but you don’t.
Not that I’ve seen so far. And apparently the brute force attempt bug is now no longer working, so Apple seems to have quietly (they’re not commenting yet) patched it.
I don’t know if that’s a good assumption to make. Most people I know do in fact use their full names in their Apple accounts and their email addresses. If that was the case with the celebrities in question (remember, these are just regular people who happen to perform in front of a camera for a living, not State Department personnel who receive security support from an IT department), then locating their accounts would appear to simply be a case of guessing and luck.
To add to my post above, I’m not sure what you mean by finding phones specifically. If this was a breach of iCloud as the reports indicate, all the hacker needed to do is find or guess the celebrity’s Apple ID and password. The specific phones are inmaterial here.