Apple software engineers and the PR teams of the celebrity victims of a privacy breach are into overdrive investigating a hack that release nude celebrity photos and the theories surrounding how the intimate images were leaked range from a single individual exploiting iCloud to a pool of small-scale intrusions conducted by several individuals.
Apple has been ironing out a fix for an iCloud vulnerability that was said to been used by the hacker who leaked nude photos of celebrity online, though it's still unconfirmed that the leaker exploited Apple's cloud storage service to steal the photos.
The exploit may have come from code that prevented the targeted accounts from locking after several failed attempts at entering the correct username and password pair.
The hackers may have used the exploit on Apple's "Find My Phone" service, which would have been barraged by automated attempts to guess the correct username and password combination for the targeted accounts. With the confirmed credentials from Find My Phone in hand, the hacker would then have used the information to gain access into the victims' iCoud accounts.
Hackapp, the exploit tool said to have been used to thwart the locking mechanism, says hackers could definitely leverage the exploit to brute-force their way into Find My Phone accounts. However, Hackapp says there's no evidence indicating the exploit was used to steal the celebrity photos.
The intimate images were first posted onto 4Chan, an image forum on which the majority of the conversations are conducted anonymously. Despite veiling its users behind anonymity, users can employ "tripcode" to confirm multiple posts.
During the release of the hacked celebrity photos, there appeared to be at least two individuals leaking the information onto the image forum. With some of the stolen images confirmed fake and others backed as legitimate, there has been some speculation suggesting that the leaked pictures were pooled together by a collective of hackers seeking a large payout.
Also backing the theory of a hacker group pooling stolen images, the leaked images were said to have been sourced from non-Apple products. Some were even said to have been lifted from SnapChat.
Another theory suggests the hacker gain access into the celebrities mobile devices as the connected to WiFi at the Emmy awards.
With the primary theory centering around the iCloud exploit, the leak of the celebrity images is tarnishing the work Apple has been doing to protect its users' privacy. The tech firm, which is preparing the release of its next phone, has recently announced new privacy policies for its users data and, in June of 2014, was revealed to have created security measures to protect iOS 8 users for data snoops.