A Chinese tourist takes a photo of his wife with an Elvis statue at Hollywood Boulevard in Hollywood. Apple said a "targeted attack" led to the release of nude photos of celebrities but insisted there was no breach of its cloud storage system.
Reuters/San Francisco
The week before a crucial launch of its new iPhone, Apple Inc said intimate photos of celebrities including Oscar-winner Jennifer Lawrence were leaked online through the apparent hacking of individual iCloud accounts.
Apple rushed to restore confidence in its systems' security, saying the celebrity photo scandal that also ensnared swimsuit model Kate Upton, actress Kirsten Dunst and possibly dozens more was the result of targeted attacks on accounts storing personal data and not a direct breach of Apple systems.
"We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," Apple said in a statement.
"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find My iPhone."
The celebrity hacking that came to light over the long Labor Day weekend nevertheless ranks among the highest-profile public fiascos for Apple in recent years.
Apple's iCloud service allows users to store photos and other content and access it from any Apple device. Security in the cloud has been a paramount concern in past years, but that has not stopped the rapid adoption of services that offer reams of storage and management of data and content off smartphones and computers.
Regardless of how the leaking of nude celebrity photos actually happened, the timing could not have been worse for Apple as it prepares to launch a new iPhone next week.
It also underscored the longer-term risks for mobile users as smartphones increasingly become the repository for far more sensitive healthcare, banking and personal data.
"Every great innovation is convenient but also a big opportunity for the bad guys in the world," said Marc Maiffret at security firm BeyondTrust.
Cybersecurity experts say the perpetrators possibly gleaned the celebrities' email addresses and mounted a long-term phishing attempt - a relatively straightforward attack through which hackers gain access to users' accounts by getting them to click on a compromised URL or Internet link.
The photos were posted on image-sharing forum 4Chan, prompting Lawrence's representatives to describe their release as a "flagrant violation of privacy" and contact law enforcement authorities.
That the hacking could hit Lawrence, who is one of the biggest names in Hollywood, the star of the hugely popular Hunger Games films and the best actress Oscar winner, came as a wake-up call to both the famous and non-famous.
"This feels like a brute-force attack and someone's using bad passwords," said Michael Fertik, chief executive of online image manager Reputation.com. "If you must take a nude photo use a non-obvious password."
Hackers use so-called brute-force software to cycle through large numbers of possible passwords during log-in attempts.
Fertik said hacked celebrities would likely have to live with the leaked photos remaining outside their management for the foreseeable future.
The FBI said it is addressing the celebrity photo hacking, but added that any further comment "would be inappropriate at this time."