Leaked celebrity photos were not obtained through iCloud says Apple

After 40 hours of investigation, the company says that celebrities' user names and passwords were targeted individually rather than obtained due to a breach in its iCloud security

Apple has denied that a breach in its iCloud security was the cause of hundreds of nude photos of celebrities such as Jennifer Lawrence and Downton Abbey star Jessica Brown Findlay being leaked on to the internet. 


Earlier this week it was understood that hackers had broken into the iCloud accounts of female stars and posted them on to various image-sharing websites. The iCloud, a service launched in 2011, allows users to back up all their data wirelessly and online. It also syncs together all the user’s Apple devices, so, for example, a photo taken on an iPhone will automatically be backed up onto a Mac.

Ever since the leak, Apple has come under fire from commentators criticising alleged shortcomings of its cloud-based services. The company, however, has now broken its silence on the controversy and insists, after 40 hours of internal investigation, that the celebrities were instead targeted individually through a more traditional hacking technique. 

“We wanted to provide an update to our investigation into the theft of photos of certain celebrities,” a statement from the company reads. “When we learned of the theft, we were outraged and immediately mobilised Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us.”

“[We] have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

The company has suggested that users make sure their password is strong and use the two-step verification precaution to defend against any potential attacks. It is also recommended that the security questions that are used to retrieve a forgotten password are made stronger, as they are a weak point in internet security. 


A criminal investigation by the FBI into the leaks is ongoing. A similar, albeit significantly smaller incident, occurred in 2011 when Scarlett Johansson’s phone was hacked. The hacker,  Christopher Chaney, was ultimately sentenced to ten years in custody.