Earlier yesterday, an anonymous user began uploading hundreds of nude photos and videos of popular celebrities to 4chan. The images quickly spread across the web, and many pointed to iCloud as the possible culprit. Apple responded to the allegations today in a statement to Recode.
“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.
Currently, security researchers believe attackers were able to access the celebrity accounts through weak passwords. The Next Web says a flaw in Apple's Find My iPhone service lets users run a python script that lets hackers guess passwords repeatedly without any sort of lockout. Apple's main iCloud login screen had a protection that prevented an unlimited number of guesses, however its separate Find My iPhone service did not. Apple has since patched this hole, however we are still not sure if it was a method used to access the iCloud accounts.
Earlier this year, some iCloud accounts were hacked and used to take hostage of iOS devices. Some were forced to pay ransom back in order to get their device unlocked.
We'll keep you update if Apple releases another statement. In the meantime, we strongly recommend that you use two-step verification with your account!