Apple “actively investigating” if iCloud security responsible for celebrity nude photos leak

Last updated:

UPDATE: Apple has issued the following statement:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us.

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.

None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.


Apple has launched an investigation into how nude photographs of over a hundred celebrities were leaked online late last week, after claims a hack on their iCloud accounts was to blame.

In a statement sent to Recode, an Apple spokesperson said:

“We take user privacy very seriously and are actively investigating this report.”

The photos appeared after a user on 4chan, an image sharing forum, posted private pictures of 101 celebrities including  Jennifer Lawrence, Ariana Grande, Victoria Justice and Kate Upton.

Pictures of British stars Kelly Brook, Cara Delevingne and Cat Deeley, as well as US stars Rihanna, Kim Kardashian, Kirsten Dunst, Kate Hudson and Selena Gomez are among those also claimed to have been acquired but yet to be circulated online.

While some stars have claimed the pictures are fake, others seem to have confirmed that it is them in the images.

The person who leaked the photos said they had been stolen after gaining access to the victims Apple iCloud accounts, where photos taken on their iPhone and iPad are automatically synced to.

Jennifer Lawrence

Lawrence issued a statement describing the hack as a “flagrant violation of privacy,” while others claimed the photographs of them were fakes. Lawrence’s management team added:

“The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”

Although it isn’t yet clear how the attack took place, a number of security experts have explained how the hack could have happened – and how to avoid it happening again.

“Even if they were all using iCloud, it’s possible that there isn’t a security hole in iCloud itself but rather that celebrities had not properly secured their accounts with – for instance – hard-to-guess passwords.”

There is lots of speculation that a piece of software called iBrute may have been used. iBrute uses what is called a bruteforce attack to guess the password of an iCloud account by automatically trying millions of words until the right one is found.

[signoff predefined=”Enjoy this?” icon=”icon-users”][/signoff]

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.


By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.


You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.


Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services