Last night a massive amount of nude celebrity photos were posted onto the internet. To be clear, these weren't "leaks". These were crimes. They were thefts and illegal distributions and worse — violations of privacy and dignity. Dispassionately, it should absolutely be treated like credit card or banking or any other information being stolen. Passionately, we only need to imagine they were photos of us or our loved ones to put it in the proper human context. So, what happened, who can we trust, and how can we protect ourselves?
People had their personal property stolen and their privacy violated. Breaking into someone's account or phone is no different than breaking into their car or house. Likewise, for anyone horrified at the allegations of government or corporate surveillance, for anyone outraged when apps or social networks misuse or misappropriate images, messages, or contacts, for anyone rallying to the cause of personal security and privacy, what could be more of an offense against security and privacy than this?
Clementine Ford, writing for Daily Life:
Decades ago paparazzi used zoom lenses to take photos of celebrities in various states of undress and sold them to tabloids who plastered them all over checkout lines. This is nothing new. However, the anonymity, ubiquity, and access afforded by the internet accelerates and amplifies it in a way that feels very new.
Ultimately, that we're dealing with celebrity, nudity, and Internet — three things society has an adolescent maturity level about — makes no difference. They're human beings. They had their stuff taken and put out on display. That's what matters.
How did it happen?
This part is harder to figure out. Many in the media ran with an early claim that Apple's iCloud was the source, and stuck "iCloud hack" in every headline and opening paragraph they could. In their race to be "FIRST!" few took any time to actually investigate. Maybe they'll be proven right, maybe wrong, but they didn't show their work and that's bad for everybody.
Various online information security experts, however, spent the night examining data, looking at patterns, and sharing insights Twitter, some convinced it was iCloud, some convinced it wasn't, opinions swinging back and forth as the night went on.
This morning it is no clearer.
Charles Arthur, writing for The Guardian:
There are a lot of potential attack vectors including phishing and other forms of social engineering, non-unique passwords stolen from one site and used to gain access to others, or even someone in a physical or virtual location or profession that gives them privileged access to accounts or devices, ranging from technicians to social media managers.
In counterpoint, Adrian Kingsley-Hughes, writing for ZDNET:
The email address would have to be known, two-step authentication couldn't be enabled, and shorter, simpler passwords would be faster to hack. None of those are impossible or even unlikely, and the timing has resulted in a second wave of headlines linking the two events with every synonym for "might" or "could" imaginable.
There is also the possibility we're dealing with multiple hacks through multiple vectors that occurred over an extended period of time, or multiple individuals and layers of hacks.
Forensic researcher Jonathan Zdzardski:
Should iCloud customers panic?
No, but like any customer of any online service or digital device, you should be concerned.
iCloud Photo Stream, if we allow it, keeps out last 1000 photos for 30 days backed up to all our devices. iCloud Camera Roll backup and the upcoming iCloud Photo Library will keep all photos and videos backed up online up to the limits of available storage.
Dropbox, Google+, Microsoft OneDrive and other cloud-services, likewise if we allow it, will auto-upload and keep all our photos and videos onto all of their servers up to the limits of available storage.
Bugs will always be found in code. Humans can always be tricked.
Unfortunately, just like home owners should be concerned enough to lock their doors, customers of online services should be concerned enough to lock down their accounts as best as they can.
What can I do to protect myself?
Most people aren't high-value targets for these kinds of attack. However, if you're at all concerned about your security and privacy and the security and privacy of your accounts and devices, here's an article I wrote a couple of months ago that details how you can make your iPhone or iPad as secure as technically and humanly possible.
If you haven't already, please take a few moments to read it and share it.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.