The online hack that led to the posting of hundreds of explicit photos of some of Hollywood’s most famous female stars could have been down to an attack on their passwords. Stars including actress Jennifer Lawrence and model Kate Upton saw intimate photos posted on forum site 4chan on Sunday evening, with some reports initially concluding Apple’s iCloud service had been compromised to access the images. A piece of computer code that repeatedly guesses passwords has been found online.
Given enough patience and the apparent hole being open long enough, the attacker could use password dictionaries to guess common passwords rapidly. Many users use simple passwords that are the same across services so it’s entirely possible to guess passwords using a tool like this.
Owen Williams from technology site The Next Web, who discovered the bug
The script was posted to software site GitHub but a message has since appeared saying that Apple has issued a “patch” or fix for the bug. “The end of the fun, Apple has just patched,” read an update on the post. The technology giant has yet to make any comment on the incident. According to the post, the script uses the top 500 most common passwords approved by Apple in order to try and gain access to user accounts. If successful, it would give the hacker full access to the iCloud account, and therefore photos.
Cybersecurity is not just a technology problem, humans are very much key to its success. People often point the finger at technology when they’ve been the victim of a cyberattack, but poor password choices or naivety in the face of a seemingly innocent email is regularly to blame.
Rob Cotton, CEO at Web security experts NCC Group