Phishing attacks partly enabled attackers to get celebrity nude photos, FBI alleges

In 2014 someone leaked nude photos of celebrities on the Internet which apparently were stolen from Apple iCloud  accounts. Not much has been heard about the police investigation since, but several news sites are today reporting that the FBI quickly had an idea who might have been behind them and their techniques.

According to affidavits filed by the FBI in support of a search warrant several months after the incidents, several of the victims were tricked by a person or persons in a phishing scam.

The incident again re-enforces the urgency of CISOs warning employees of their organizations to only use email, messaging and social media services that have two-factor authentication.

According to the documents, the scam worked like this:  One victim discovered her iTunes password wasn’t working, there were problems with her iCloud services and she lost access to her email account. Somehow — the affidavit doesn’t explain how — her password had been reset. A week later she received a phishing message through iMessage on her iPhone sent from “[email protected]” that said “Your Apple ID was used to login to iCloud from an unrecognized devices on Wednesday August 20, 3014” from Russia. “If this was you please disregard this message. If it wasn’t you, for your protection we recommend you change your password immediately.” It gave a one-time passcode to use when resetting at the address “”

The victim (an actress) couldn’t recall if she clicked on the link, but forwarded it here assistant, who did recognize it wasn’t legitimate.

Similarly an athlete received an iMessage phishing message on his iPhone which he forwarded to his manager that his apple ID was used to login to his iCloud from an unrecognized device, given a link and told to change his password. The athlete told his manager to verify he message. Still, the athlete thought the message was legit and followed the instructions. Minutes later he realized it was a phishing message and reset his iCloud password and changed his email address.

Because of these and other events the FBI investigated computer records and found an Apple iPad at a Chicago address had created an iCloud account “[email protected].” It also discovered the IP address at that location accessed the iCloud account of several victims and attempted to reset the password by answering security questions.

According to the affidavit supporting a request for a search warrant, between May 2014 and August approximately 330 unique iCloud accounts were accessed from the IP address at that location over 600 times. The agency also found that 22 Gmail accounts were accessed or attempted to access from the IP address. Google couldn’t determine how the passwords were obtained, but the affidavit said several were high profile actresses.

According to Gawker, another Chicago man’s residence was raided that had a computer that allegedly accessed or attempted to access the iCloud and email accounts of celebrities.

Despite the 2014 raids on these residences no one has been charged.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now