Apple is investigating how nude photos of several Hollywood celebrities were accessed and taken from their iCloud accounts.
The stolen photos of the personalities including Jennifer Lawrence, Ariana Grande, Kate Uption and hundreds more were originally posted on the image-sharing site 4Chan and have been distributed across the Internet, appearing on popular sites such as Reddit and Twitter.
"We take user privacy very seriously and are actively investigating this report," Apple spokeswoman Natalie Kerris told Re/code. The company is yet to explain how the attacks were conducted.
According to security experts from FireEye, a threat research firm, the cyberattack could have been prevented if the owners of the accounts enabled the two-factor authentication feature.
The two-factor authentication feature requires users to create a numerical security code for their accounts in addition to their usual password. This numerical code is regularly changed and is sent to the user's mobile phone or other registered devices. Since the code is always changed, the hackers may struggle in accessing the accounts, even if they are able to trace the regular password.
Following the leak of the celeb nude photos, Bryan Hamade, 26, was identified as the source of the leaks. However, he denied the allegations and told Daily Mail that he only reposted the said photos.
Similarly, The Next Web explained that this attack may be connected to software called iBrute, a Russian software designed to perform brute-force attacks to gain access to iCloud accounts. iBrute gains access by simply guessing the account's password until it matches the correct password - a tedious process for a person, but easy if carried out by a computer. However, there is no direct evidence linking iBrute to the attack yet.
"The attackers never should have been allowed to make an unlimited number of guesses," Darien Kindlund, director of FireEye, told Re/code.