EXIF data can give extra detail about a photograph, such as when it was taken, with what device, and where. InfoSec Taylor Swift, a Twitter account that began as a parody combination of the country singer and security thinking, began a serious examination of EXIF data connected to some of the photos distributed online.
The original hack looks to have been done by “chaining” between accounts: on gaining access to one person’s account, the hacker could access their address book and use that to attack others’.
Some have also pointed to the presence of a Dropbox tutorial file in one hacked account as suggesting that the third-party cloud storage service was a source of some pictures.īut the posting to Github of an exploit against Apple’s Find My iPhone service three days ago, which could use a “brute-force” attack to work out a password, points to the existence of weak links in Apple’s service that could have been exploited once somebody had the email address of a celebrity or their manager.
