Nude photos of a number of A-list celebrities hit the web last night, including those of Oscar winner Jennifer Lawrence and singer Rihanna, amidst reports that the photos had been acquired through hacking Apple's iCloud service.
Though Apple is yet to respond to claims that its online storage service (which ties into its Photo Stream picture album app) has been compromised, the size of the leak -- which has also seen photos of Avril Lavigne, Amber Heard, Gabrielle Union, Hillary Duff, Jenny McCarthy, Kate Upton, Kate Bosworth, Keke Palmer and Kim Kardashian published without consent -- may be indicative of a wider iCloud hack.
"Whereas typically value is created by packaging up vast numbers of unknown people’s information, in this case the individual responsible has allegedly targeted a small set of extremely valuable targets," said Chris Boyd, Malware Intelligence Analyst at Malwarebytes.
“It is a stark reminder of the potential consequences of having sensitive material lying around in the cloud. With today’s devices being very keen to push data to their own respective cloud services, people should be careful that sensitive media isn’t automatically uploaded to the web, or other paired devices. People should also investigate the deletion procedures for online storage. Many services allow you to ‘undo’ deletions, which could cause problems in certain situations."
iCloud data is encrypted both when being transmitted to Apple's servers, and again when hosted, with 128-bit AES encryption protecting photos. Usernames and passwords aren't stored within Apple's apps themselves, and are only transferred over SSL when a third party app asks for access. Two-factor authentication, with Apple sending a four-digit passcode via SMS to verify a new machine, is also used to protect iCloud accounts. However, when in doubt over how secure your details may be, it's always worth refreshing your passwords. Today may be one of those days. [Mashable]