Shutterstock

A slew of private photos belonging to celebrities were leaked on the internet yesterday, supposedly due to Apple's iCloud Photo Stream feature being exploited by hackers.

The nude photos of the celebrity victims -- 101 in total -- were posted on image-sharing forum 4chan. Some celebrities who were targeted, including Jennifer Lawrence and Mary Elizabeth Winstead, have confirmed either over Twitter or through their spokespeople that the pictures are genuine, but many of the photos in the collection have been identified as fake.


The spread of the images across the internet is to a certain extent inevitable, but social network Twitter is shutting down any accounts that share pictures in line with its content-sharing policies.

The obvious question that the leaks raise is whether or not iCloud is secure enough. If activated, the service automatically backs up all photos taken on Apple devices and syncs them across the network. If users are concerned they can turn off automatic backup to iCloud and can also turn on two-step verification, to make sure they are notified of anyone attempting to access their accounts.

It's entirely possible that the leaks have nothing to do with Apple's encryption of iCloud, which has up until now proven solid and stores photos with "a minimum of 128-bit AES encryption" according to Apple. Only Apple holds the master key to decrypt iCloud data, which it has to do on occasion at the request of government agencies. The simple explanation would be that hackers have managed to access celebrity accounts through a more painstaking process -- getting hold of their email addresses, guessing the answers to their security questions and managing to reset their passwords. This is exactly why it is advisable to have two-step verification activated across all of your accounts rather than deactivating backup services like iCloud.

Wired.co.uk has contacted Apple to try and confirm how the hackers came to procure the photos from the celebrities accounts and will update this article if we receive a reply.