Hollywood actors like Jennifer Lawrence and Mary E Winstead found their most intimate photos leak on the Internet in the wee hours of Monday morning after their iCloud accounts were allegedly hacked. While Apple is yet to acknowledge the breach, we might finally know how the hacker accessed the iCloud accounts, TheNextWeb reports.
A Python script surfaced on Github that is said to take advantage of a vulnerability on the Find my iPhone service. The script essentially uses ‘brute force’ on an account, which essentially makes repeated attempts to guess the password till it discovers the correct password. The alleged vulnerability meant the service didn’t lock the account or alert the user about the repeated attempts to discover the password.
The owner of the Python script later noticed that Apple has patched the vulnerability. If the script is now used to target any iCloud account, the account is locked after five attempts. We have reached out to Apple for a comment, and are currently awaiting their response.
The reports of the iCloud hack surfaced online this morning when nude photos of numerous Hollywood actors were leaked on web forum 4Chan. The anonymous hacker claimed that he had obtained these photos after hacking the celebs’ iCloud accounts. The hacker was also selling these photos in exchange for Bitcoins. The list of celebrities includes Hunger Games actress Jennifer Lawrence, Mary Elizabeth Winstead, Victoria Justice, Kate Upton, Avril Livigne, Mary Kate Olsen, Hillary Duff, and many others. While Lawrence and Winstead have confirmed the authenticity of the photos, Victoria Justice, has claimed her photos to be fake.