Skip to main content

Filed under:

'Celebgate' attack leaks nude photos of celebrities

Share this story

What appeared to be genuine nude photos of more than 100 celebrities were published online over Labor Day weekend, 2014, in a mass attack dubbed "Celebgate." The celebrities pictured included Hunger Games star Jennifer Lawrence, who confirmed the photos were real, and pop star Ariana Grande, who said they were fake, among dozens of other A-list actors and musicians. The photos were first posted on the forum 4chan and then circulated on the Reddit subsection r/TheFappening. They allegedly came from the victims' iCloud accounts. Apple says the hack was caused "by a very targeted attack on user names, passwords and security questions," and not a breach of its systems. The incident sparked a discussion about security, the social acceptance of sexting, and the misogynistic culture that thrives in some corners of the internet.

  • Bijan Stephen

    Aug 30, 2018

    Bijan Stephen

    Another one of Jennifer Lawrence’s hackers is going to prison

    90th Annual Academy Awards - Arrivals
    Photo by Kevork Djansezian / Getty Images

    George Garofano — one of the four hackers who stole and leaked celebrity nudes in the 2014 event that came to be known as Celebgate (and on 4chan as “The Fappening”) — has been sentenced to eight months of prison time. Variety reports, he’ll also face three years of supervised release and 60 hours of community service after he gets out. In total, Garofano hacked more than 250 people, including Kate Upton, Jennifer Lawrence, and Kirsten Dunst.

    Three other hackers had already been sentenced for their roles in hacking the material that became Celebgate: Ryan Collins, 36, was sentenced to 18 months in prison after pleading guilty to felony hacking and violating the Computer Fraud and Abuse Act; Edward Majerczyk, 28, pled guilty to the same and was sentenced to nine months in prison. Emilio Herrera, 32, also pled guilty and is still awaiting his sentencing. While the US Attorney’s Office says there’s no evidence that Collins, Majerczyk, or Herrera shared or posted the stolen images online, Variety reports that prosecutors in the case allege that Garofano traded usernames, passwords, and the images themselves with other people.

    Read Article >
  • Adi Robertson

    Oct 28, 2016

    Adi Robertson

    ‘Celebgate’ hacker sentenced to 18 months in prison

    Ryan Collins, one of the people behind the 2014 "Celebgate" photo leak, has been sentenced to 18 months in prison. Earlier this year, Collins pled guilty to carrying out a long-running phishing campaign that gave him access to dozens of private email and iCloud accounts, including those of many female celebrities, some of whom had nude photos leaked as a result of the breach.

    Collins was convicted of violating the Computer Fraud and Abuse Act and faced up to five years in prison, although prosecutors recommended 18 months as part of a plea bargain. According to the Justice Department, he sent his targets emails purporting to come from Apple or Google, asking them to give up their passwords. Over the course of two years, from 2012 to 2014, he got access to at least 50 iCloud accounts and 72 Gmail accounts, "many of which belonged to female celebrities." The statement also says that Collins ran a fake modeling scam to trick victims into sending nude photos. Notably, the Justice Department has found no evidence that Collins is behind the mass release of these photos, which appeared on the forum 4chan in August of 2014.

    Read Article >
  • James Vincent

    Jul 4, 2016

    James Vincent

    Hacker involved in ‘Celebgate’ pleads guilty, faces maximum five years in prison

    "This defendant not only hacked into e-mail accounts — he hacked into his victims’ private lives, causing embarrassment and lasting harm," said FBI assistant director Deirdre Fike in a press statement. "As most of us use devices containing private information, cases like this remind us to protect our data."

    Read Article >
  • Mar 15, 2016

    Nick Statt

    Pennslyvania man will plead guilty in ‘Celebgate’ nude photo hack

    Mike Windle/Getty Images

    Ryan Collins, a 36-year-old Pennsylvania man accused of playing a key role in the "Celebgate" breach in 2014, will plead guilty to violating the Computer Fraud and Abuse Act, which will mark the first conviction related to the high-profile hack. Collins spent roughly two years tricking victims online, some of which worked in Hollywood, into handing over sensitive data like email addresses and passwords by pretending to work for Apple and Google, according to federal prosecutors. Once inside the accounts, Collins was able to access full iCloud backups containing nude photos and videos. Photos from Jennifer Lawrence and Kate Upton were included in the eventual leak.

    In total, Collins broke into as many as 50 iCloud accounts and 72 Gmail accounts. He was charged with one count of felony computer hacking and one count of unauthorized access to a protected computer. Although the charges contain a maximum prison sentence of five years, prosecutors recommended Collins serve 18 months after reaching a plea deal. "By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity," David Bowdich, the assistant director in charge of the FBI's Los Angeles office, said in a statement.

    Read Article >
  • Rich McCormick

    Sep 24, 2014

    Rich McCormick

    Emma Watson nude photo threats were apparently a plot to kill 4chan

    Anonymous users of infamous web forum 4chan leaked stolen nude pictures of Jennifer Lawrence, Kate Upton, Kirsten Dunst, and scores of other women on September 1st. Three weeks later, anonymous 4chan users threatened to do it again. Their new target would be Emma Watson, the actress best known for portraying teenage schoolgirl Hermione Granger in the Harry Potter movies.

    This time, the anonymous figures appeared more organized. Shortly after the threats appeared online, someone set up a dedicated site — emmawatsonyouarenext.com — and started a countdown to the time and date that they would release the images. The countdown first pointed to this coming Saturday, before jumping forward, to 12AM ET on Wednesday the 24th of September.

    Read Article >
  • Rich McCormick

    Sep 10, 2014

    Rich McCormick

    Artist cancels exhibition of nude pictures stolen from Jennifer Lawrence and Kate Upton

    Last week LA-based artist XVALA — real name Jeff Hamilton — announced he would display recently leaked naked pictures of celebrities including Jennifer Lawrence and Kate Upton as part of an upcoming art show he titled "No Delete." But now the artist has backtracked on his original decision, removing the pictures from his planned exhibit, and replacing them with life-size nude pictures of himself.

    Hamilton said the public reaction to the leaked photos made him change his mind. "People were identifying with Jennifer Lawrence‘s and Kate Upton‘s victimization, much more than I had anticipated, which is powerfully persuasive." Hamilton's scheduled exhibit was to be part of his long-running "Fear Google" series, and was to be run at the Cory Allen Contemporary Art gallery. The gallery said the decision to cancel came because of a mixed public reaction and a number of "persuasive online petitions."

    Read Article >
  • Dante D'Orazio

    Sep 7, 2014

    Dante D'Orazio

    Reddit shuts down subreddit tied to nude photos in 'celebgate' attack

    TheFappening, a new subreddit that became the unofficial hub for the cache of nude celebrity photos revealed last week, has been banned and shut down by Reddit. In a statement published on its official blog, a representative for the company said that "we deplore the theft of these images and we do not condone their widespread distribution." Visitors to the subreddit are now greeted with the warning image above.

    After the initial leak of hundreds of nude celebrity photos online through 4Chan, TheFappening emerged as a distribution center for the stolen photos. Reddit has been silent on the matter for over a week, but now a lengthy post by a Reddit employee explains what has been going on inside the company. At first, Reddit did not decide to ban the subreddit; instead the company responded to DMCA requests and took down private photos hosted on its servers as required by law.

    Read Article >
  • Casey Newton

    Sep 5, 2014

    Casey Newton

    On the internet, disaster is always one step ahead of you

    On Wednesday, following a flood of commentary on the theft of celebrities’ nude photos, some corners of the web announced they’d had enough. John Herrman, writing in The Awl, ridiculed the surge in punditry as a cynical grab for page views. "A phenomenon like this generates an enormous surplus of attention, much more than news can meet," he wrote. "This throws the ᴄᴏɴᴛᴇɴᴛ industry into a frantic generative mode, initiating a full-spectrum stress test on par with a natural disaster or a war." Alex Pareene, following up on Andrew Sullivan’s site, suggested most of these Celebgate "takes" were "produced solely in the hopes that the post will, through luck and a bit of dark magic, win the Facebook algorithm lottery," and "are the most depressing pieces of writing on the web, for the reader and the writer."

    It’s true that generally we suffer from too much commentary chasing too little journalism. But Celebgate strikes me as precisely the wrong test case for this notion, because the leaked photos are the rare bit of celebrity news that has real consequences for the rest of us. The theft of the photos has several dimensions, all of them awful. There are the victims themselves, who have been subject to ridicule and abuse in the short term and could see damage to their careers in the long term. There are the criminals who stole and traded their targets’ information, drawing attention to apparently vast networks of disgruntled ex-boyfriends working to unearth the nudes of their own non-famous partners. There are the Redditors who collected all the nudes, which appear to have included child pornography, onto a forum called The Fappening, where they could be consumed and commented upon in a spirit of callous bonhomie.

    Read Article >
  • Rich McCormick

    Sep 5, 2014

    Rich McCormick

    Tim Cook says Apple will send security alerts to help stop iCloud hackers

    Apple CEO Tim Cook told The Wall Street Journal today that his company is soon to introduce measures to protect iPad, iPhone, and Mac users' information and keep hackers out of their accounts. In two weeks time, Cook said users would start to receive emails and push notifications on mobile devices when iCloud data was restored, passwords changed, or when a new device logs into an account for the first time.

    Cook's comments come after hundreds of photos of nude celebrities, including Jennifer Lawrence and Ariana Grande, were leaked online. The pictures were reportedly obtained through Apple's iCloud service. The company has denied that private accounts were accessible through security flaws in the cloud storage system, but said that the stars were the target of hackers that attempted to compromise their usernames, passwords, and security questions. It's been speculated that the photos released were only a small portion of the number owned by a shadowy ring of individuals who trade private images of the world's most famous people.

    Read Article >
  • Ben Popper

    Sep 4, 2014

    Ben Popper

    Inside the strange and seedy world where hackers trade celebrity nudes

    Ian Gavan

    When nude photos of more than 100 prominent celebrities began appearing on the internet over Labor Day weekend, people assumed that the leak was intentional: there was a hacker, or hackers, who were posting these images for fun or profit, and they had used recently discovered security flaws in Apple’s iCloud system to break into accounts and make off with these pictures.

    Read Article >
  • How damaging is it, in 2014, to have nude photos leak online?

    Celebgate is probably the biggest privacy breach of the most famous people ever to come to public attention all at once. If you didn’t feel vulnerable after the massive Target breach or after Mat Honan’s epic hacking, surely you should feel exposed now that dozens of rich and famous celebrities have had their private photos stolen.

    The breach itself wasn’t that interesting to me — it seemed inevitable. What was interesting was how quickly some celebrities admitted the photos were real, even though they could have easily argued otherwise.

    Read Article >
  • What we know so far about the massive celebrity nude photo leak

    By now, you’ve probably heard that a massive cyberattack dubbed "TheFappening" or "Celebgate" resulted in the publication of nude and semi-nude photos of dozens of A-listers over the Labor Day weekend. Pop princess Ariana Grande, Glee star Lea Michele, soccer player Hope Solo, and our beloved Hunger Games actress Jennifer Lawrence were just a few of the more than 100 celebrities who were allegedly hit.

    It’s unclear who exactly broke into these stars’ accounts, how they did it, and how long the plan was in the works. Apple has said at least some of the photos came from individual iCloud accounts that attackers broke into one by one, and not from a system-wide breach. The company and the FBI are still investigating.

    Read Article >
  • Dieter Bohn

    Sep 3, 2014

    Dieter Bohn

    How to make your email address as hard to guess as your password

    What we're apparently calling "celebgate" has probably caused you to worry that your own data in the cloud isn't secure. It certainly has me worried, but I do have one small trick that helps reduce the stress a little. The attack vectors we're seeing most often involve figuring out some public piece of data about you and then parlaying that into some social engineering (or clever password recovery) to get to your data. Getting a hold of an email address is probably the easiest step in that chain, and if you can make it more difficult, you're theoretically safer.

    So I try to use a different email address for every single service that I sign up for. That sounds like a nightmare (and it kind of is), but the clever bit is that all these emails only look different to the services I use, but they're actually all the same email address.

    Read Article >
  • Charity turns down Reddit's pity money for looking at stolen celebrity photos

    Reddit users raised more than $5,000 for the Prostate Cancer Foundation earlier today, but the organization doesn't want a dime. The reasoning? The money was raised on r/TheFappening, the now-infamous section of Reddit where more than 100 celebrity nude photos, the result of an iCloud hack electronic break-in (or maybe many iCloud electronic break-ins), were widely distributed.

    Here's the joke: masturbation may reduce the risk of prostate cancer. If you downloaded or circulated the photos, you can atone by donating to this relevant charity. Soon, "Reddit The Fappening" was the top donor on PCF's leaderboard.

    Read Article >
  • Apple denies iCloud breach in celebrity nude photo hack

    Apple says that the mass theft of nude celebrity photos that were released over the weekend did not occur because of a breach in any Apple systems, including iCloud. Apple says, however, that certain celebrities were the subject of targeted hacking attempts that focused on compromising their usernames, passwords, and security questions — a common and well-tread technique across the web. Though Apple's statement doesn't make it entirely clear, it sounds as though iCloud may still have been involved in the thefts in some capacity: that is, Apple's customers may have had their iCloud usernames and passwords stolen, giving another party access to their account.

    Apple also says that Find my iPhone was not involved in the photo thefts. There had been some speculation that this service was at fault, as someone had recently discovered and published a flaw in it that allowed a malicious party to continually guess passwords without any recourse. Apple appeared to have patched the issue shortly thereafter, and its statement implies that this Find my iPhone flaw was not used here. That said, Apple's statement also does not make it perfectly clear that this flaw was not put to use. Apple did not immediately respond to a request for clarification on the matter.

    Read Article >
  • Dan Seifert

    Sep 1, 2014

    Dan Seifert

    Apple 'actively investigating' and FBI 'addressing' alleged hack that revealed nude celebrity photos

    Apple says it is "actively investigating" an alleged exploit to its iCloud service that allowed hackers to post dozens of private celebrity photos to public message boards this weekend. "We take user privacy very seriously and are actively investigating this report," said an Apple spokesperson to Recode. Among the pictures posted to the Reddit and 4chan message boards were nude photos of celebrities Jennifer Lawrence, Kate Upton, Kirsten Dunst, and numerous other models, actresses, and athletes.

    Meanwhile, as Hollywood Reporter notes, the FBI is also paying attention, releasing the following statement that promises that it is "addressing the matter." What precisely "addressing" means is as yet unclear: "The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. ... Any further comment would be inappropriate at this time."

    Read Article >
  • Ben Popper

    Sep 1, 2014

    Ben Popper

    Celebs are just like us: they take and share nude photos

    Hundreds of nude and revealing photos of female celebrities were released onto the internet last night by a hacker. Authorities have yet to identify the culprit and its also not clear exactly how he or she got access to these women's accounts, with iCloud the most widely reported service suspected of being breached. As the world digests the shocking breach of privacy, one common sentiment seems to be that anyone careless enough to take naked photos in digital form should be prepared for the embarrassment of having them leak.

    Read Article >
  • T.C. Sottek

    Sep 1, 2014

    T.C. Sottek

    Tell creepy men on the internet how you really feel

    Over the weekend someone released hundreds of revealing photos of celebrities that appear to have been stolen from private storage. In response to this, a bunch of anonymous guys on the internet copied them and posted them all over the town square, because the internet is written in ink and if you are ever a victim once in your life the internet will remind you of it forever.

    These men are the detritus of human society for whom the internet provides a warm blanket, so let's remove the warm blanket for a minute.

    Read Article >
  • Rich McCormick

    Sep 1, 2014

    Rich McCormick

    Hack leaks hundreds of nude celebrity photos

    Hundreds of nude, semi-nude, and revealing pictures of female celebrities were leaked overnight after being stolen from their private collections. Hunger Games actress Jennifer Lawrence, Kirsten Dunst, and pop star Ariana Grande were among the celebrities apparently shown in the pictures, which were posted on infamous web forum 4chan.

    It's unclear how the images were obtained. Anonymous 4chan users said the photos were taken from celebrities' iCloud accounts, although Apple has since denied that the incident was caused by "any breach in any of Apple’s systems including iCloud or Find my iPhone." iCloud accounts are designed to allow iPhone, iPad, and Mac users to synchronize images, settings, calendar information, and other data between devices, but the service has been criticized for being unreliable and confusing. Earlier this year, Jennifer Lawrence herself complained about the service in an interview with MTV.

    Read Article >