Apple Inc. said it is investigating reports that vulnerabilities
in its iCloud service were exploited to hack the accounts of
celebrities, leading to the publication of nude photos and
videos.
Initial media reports suggested that the hacks stemmed from
individual accounts on iCloud, an online service to store photos,
music and other data from Apple devices.
"We take user privacy very seriously and are actively
investigating this report," said Apple spokeswoman Nat Kerris in a
statement.
A posting on online code-sharing site Github said a user had
discovered a bug in Apple's Find My iPhone service, which tracks
the location of a missing phone and allows a user to disable the
phone remotely if it is stolen. The bug allowed a hacker to keep
trying passwords until identifying the right one.
Most online services lock down an account after multiple
incorrect password attempts to prevent this type of so-called
"brute force" attacks.
The GitHub post was updated on Monday to read: "The end of fun,
Apple have just patched."
Rich Mogull, chief executive of security research and advisory
firm Securosis, said it is plausible that hackers exploited that
vulnerability. "We don't know for sure, but it's very possible that
those are related," he said.
He also noted that it seems more likely that the hackers broke
in through the individual accounts of the celebrities versus
breaking Apple's system. "I would be shocked Apple itself was
hacked," said Mr. Mogull.
Write to Daisuke Wakabayashi at Daisuke.Wakabayashi@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires