Apple, which is poised to unveil new iPhones next week, and the FBI are probing reports hackers used the company's iCloud service to illegally access nude photos of actress Jennifer Lawrence and other celebrities.
Hackers posted the nude photos on the anonymous image-sharing website 4chan, the London newspaper The Telegraph reported. The photos targeting more than 100 U.S. and British celebrities were allegedly obtained by breaking into iCloud accounts, the newspaper said. A representative for Oscar winner Lawrence, in an email, called the situation a "flagrant violation of privacy" and confirmed that the photos were hers.
"We take user privacy very seriously and are actively investigating this report," Nat Kerris, a spokeswoman for Cupertino, California-based Apple, said, without providing additional details.
The iCloud service, a key part of Apple's strategy to unite its iPhones, tablets and desktop computers, lets users store contacts, emails, photos and other personal information on external systems they can access virtually.
Apple has fixed a bug in its "Find My iPhone" software that may have allowed hackers to access celebrity iCloud accounts through so-called brute-force attacks that try multiple passwords, the Engadget technology website reported, citing developers.
The FBI released a statement Monday saying it is aware of the allegations "concerning computer intrusions and the unlawful release of material involving high-profile individuals." The agency is "addressing the matter," said Laura Eimiller, an FBI spokeswoman in Los Angeles.
The FBI doesn't typically confirm investigations as a matter of practice, Eimiller said. "Clearly there's a high public interest, so we felt it appropriate to provide a limited statement," she said.
The risk to iCloud users will depend on whether the breach happened within Apple's security or within the celebrities' personal accounts, said Clifford Neuman, director of the University of Southern California's Center for Computer Systems Security. Either way, some users may not understand when and how they are using such services, especially during the setup.