A hacker's claims to have broken into several high-profile celebrities' online accounts – stealing nude pictures of them and posting them on a popular message board – has apparently been confirmed by at least two celebrities and has prompted claims of "violation of privacy" from others.
Facts about the alleged hack remain unclear, but the hacker's claims, if true, could point to a new mutation in the ways that malicious Internet actors violate users' privacy and profit from it.
The hacker claims to have broken into the Apple iCloud accounts of dozens of celebrities including actress Jennifer Lawrence, model Kate Upton, and singer Ariana Grande, stealing personal photos and posting a selection online.
One of the actresses targeted, Mary Elizabeth Winstead, appeared to acknowledge on Twitter that the pictures of her were genuine.
Representative for Ms. Lawrence also confirmed that the images were genuine, according to a statement made to Buzzfeed.
"This is a flagrant violation of privacy," they said in an e-mail. "The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence."
A representative for Ms. Upton made a similar statement, according to ABC News.
"This is obviously an outrageous violation of our client, Kate Upton's, privacy," the spokesperson said. "We intend to pursue anyone disseminating or duplicating these illegally obtained images to the fullest extent possible."
Meanwhile, others, including Ms. Grande and Olympic gymnast McKayla Maroney, said the images were fake.
Technology site ZDNet notes that a day before the leak, the code for an iCloud hack was uploaded to the site GitHub. The hack was intended to enable "brute force" hacking of online Apple accounts.
Normally, several consecutive failed attempts to log into an Apple account will result in that user being locked out. This safety feature prevents potential hackers from besieging an account with an endless list of invented passwords in an attempt to find the right one. But the hack posted to GitHub aimed to circumvent the Apple lockout function to enable brute force hacking.
Apple has now patched its system to fix this vulnerability, Adrian Kingsley-Hughes of ZDNet reports. "Whether the two incidences are linked is at present unknown," he writes.
But the "Cult of Mac" blog suggests this hack could be unique, in that it allegedly was carried out for bitcoins, the online currency. The hacker has claimed to have more explicit photos and videos, and has even posted a master list of celebrities hacked, but is demanding payment for them in bitcoins.
If confirmed, that "most likely makes this a first," writes Luke Dormehl.