Celebrity photo leak: iCloud hack case remains unsolved one year on


The cyber attack case that saw nude photos of celebrities including Jennifer Lawrence and Kate Upton posted online is still to be solved by authorities, one year on. 

On August 31 last year, hundreds of explicit images of some of Hollywood's most famous stars were posted to several forum websites anonymously after hackers broke into the iCloud accounts of more than 500 people, predominantly celebrities.

A piece of computer code that repeatedly guessed common passwords is said to have been used in the attack.

The US-based investigation has since led the FBI to search several addresses and seize electronic equipment, but as the first anniversary is reached, the case remains open and no charges have yet been brought.

Hunger Games actress Lawrence called the breach a "sex crime" in the aftermath of the publication. 

Apple, which runs iCloud, the virtual storage space for customer photos and other data, strenuously denied that its servers had been breached as part of the attack, with many security experts pointing to password strength as being the root of the problem.

Internet security expert Jonathan Sander said: "The cloud isn't insecure, Apple's cloud isn't any more or less secure than any other, and those photos weren't any more or less locked down than others.

"The problem is any system is only as strong as its weakest password. The password that a human must use will almost always be the weakest link. It's widely believed that the thieves simply targeted well-known accounts and hacked away at the passwords until they got in."

The iPhone maker has since taken steps to improve security, adding a second layer to logging in to create what is known as "two-factor authentication", as well as adding an email notification system that tells users when someone tries to access their account on a different device. 

But Mr Sander, a senior executive at internet security firm Lieberman Software, said that human nature still poses an issue.

"If users think that's too much of pain, they don't turn it on, and keep using their dog's name for a password, which ultimately means these attacks will continue to succeed," he said.

Since the photo leak, Sony Pictures and adultery website Ashley Madison have also suffered high-profile cyber attacks. Though of a different nature, personal data also found its way online, which has prompted more websites, including forums Reddit and 4Chan, both of which carried the leaked iCloud photos, to begin tightening their content policies in order to cut down on the distribution of such material.