Skip to content
Home » Operating Systems » Apple iOS » AppleID and iBrute vulenerability responsible for Celebrity Photo Hacks

AppleID and iBrute vulenerability responsible for Celebrity Photo Hacks

Today is one of those days on the internet where, the real freedom of the internet and the technology we use is questioned. It raises many queries over privacy and the secrecy of yours, and our content that is stored online and inside our tech.

Yes we are speaking about the mass Hack that has reportedly seen over 100 female celebrities personal pictures and information stolen from private accounts. Many of them with nude or NSFW images of some of the best looking and biggest female stars across the globe. Now we are not here to discuss who and what has been leaked, (if you want to see that just search for Jennifer Lawrence) as it crosses that fine line, but how was it accessed.

Many are currently pointing the fingers at Apple, and its iCloud storage being the place that has seen the hack. It doesn’t seem to be a mass break/hack in Apple’s storage service more so an access loophole that can be exploited by many more in the future.

Reports state that the Hacker(s) accessed the Apple iCloud accounts via loophole in the login security. Reportedly the exploit relates to a project on the code hosting site Github called ibrute.

A day before the images leaked, the developers of ibrute announced a bug in the Find My iPhone service means it doesn’t employ brute force protection, which basically means that a hacked can repeatedly keep using different password combinations without ever being locked out of the account.

Thus using password creation software, hackers can mass attack AppleIDs online with the hope that eventually a password match is seen. This system would of course need an email address of the celebrity that is under fire, but in today’s digital world this isn’t always the hardest thing to find, and with one celeb/agent/person in the know had their account hacked, it would give access to a whole host of other accounts with contacts in.

It’s not confirmed that this is indeed the reason for the leaks, but it would seem that the iBrute devs have now fixed the issue that allowed the loophole. There are of course other avenues for hackers to get into accounts, from Poor password control to simple abuse of trust (friends/ex-lovers etc.) but with the large scale leak of the nature, we suspect something a bit bigger has happened.

It does pose the question of just how secure these types of online storages are, and just to be safe, we would recommend changing your passwords regularly, and keeping them at a high security.

In the meantime Reddit, Imgur and Twitter are all clamping down on users and accounts that share and leak the images, but as with all things internet, once it’s out there, it’s there forever.