Actress Mary Elizabeth Winstead thought she was sharing a private moment with her husband, film director Riley Stearns, when she posed for a number of intimate images in her home several years ago.
The 29-year-old then deleted the explicit images from her personal electronic device. They were gone. At least, she thought they were.
Now, the star of Scott Pilgrim vs.The World has found those incredibly private moments splashed across the internet for the world to see in one of the biggest celebrity hacking scandals of recent times.
Winstead's iCloud account - the service used to back up data from an iPhone or iPad in case the device is lost - is thought to have been targeted by a hacker, who gained access to the shots.
Winstead is said to be one of more than 100 high-profile women, including Oscar-winning actress Jennifer Lawrence, Australian actress Teresa Palmer and model Kate Upton, whose accounts were targeted, according to reports.
Those stolen images were then uploaded anonymously to the image-based bulletin board 4chan, where rumours of the images had been circulating for days.
An angry Winstead took to Twitter to lash out at those behind the intrusion, and to those who were sharing them on social media.
The anonymous 4chan user who originally posted the images claimed that he or she had hacked the iCloud accounts of the stars.
Fairfax Media has contacted Apple for comment. The company is yet to respond to those claims.
If true, it would demonstrate how stealing files from a person's phone no longer requires physical proximity or any outright carelessness on the victim's part.
When iCloud is enabled, the back-up happens automatically whenever a photo is taken.
Winstead's claim that she had long since deleted the images from her personal electronic device adds weight to the idea that the images were taken from a cloud-based back-up service rather than directly from her device.
The photos first appeared on a 4chan's /b/ imageboard, which is by far the most popular on the website, drawing nearly 30 per cent of its traffic, and which has a "no rule" policy. On 4chan, users can post anonymously and are not required to sign up for an account.
The original 4chan user originally shared two images of his or her desktop, showing thumbnails of photos yet to be leaked.
More explicit material was also offered in exchange for bitcoin payments.
Winstead's Twitter post appeared to verify that the photos were genuine, while representatives for both Upton and Lawrence confirmed the legitimacy of the photos.
"The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence," her spokesperson said.
Winstead appeared to have copped flak for speaking out online.
Twitter has started banning any accounts that post or link to the photos, but they continued to circulate online.
Ty Miller, information security expert and founder-director of online risk management firm Threat Intelligence said: "It's absolutely plausible that an attacker could have compromised an iCloud account to gain access to [a victim's] photos. This includes both photos stored in Photo Stream and in their device back-ups."
Photo stream is a process whereby every photo a user takes is immediately sent to the cloud. Even if a user deletes the photos from his or her phone, they will stay online.
"Although possible, it is unlikely that the incident is due to a security flaw in iCloud itself. [The reports] indicate that the security breaches were targeted at a specific set of celebrities."
Ty Miller, information security expert and founder-director of online risk management firm Threat Intelligence said: "It's absolutely plausible that an attacker could have compromised an iCloud account to gain access to [a victim's] photos. This includes both photos stored in Photo Stream and in their device back-ups."
Photo stream is a process whereby every photo a user takes is immediately sent to the cloud. Even if a user deletes the photos from his or her phone, they will stay online.
"Although possible, it is unlikely that the incident is due to a security flaw in iCloud itself. [The reports] indicate that the security breaches were targeted at a specific set of celebrities."
No comments:
Post a Comment