The Fappening, and how to protect your private photos (2024)

31 August 2014 is likely to go down in internet history as ‘the Fappening 2014’. To cut a long and very seedy story short, a member of the 4Chan website yesterday released a trove of intimate photos of almost a hundred (almost entirely female) A-list actors, singers and celebrities, including the likes of Jennifer Lawrence, Avril Lavigne, Kim Kardashian, Rihanna, Kirsten Dunst, Aubrey Plaza and Winona Ryder.

As news of the leaked photos spread like wildfire, first to Reddit and then to the wider media, a storm of interest arose. #Fappening continues to trend on Twitter, and the Fappening subedit within hours reached over 40,000 readers (with many men stylishly making crude references to jerking off over the photos).

The resultant media circus has declared outrage at the leak, but by continuing to splash the story over news headlines, has encouraged the public to seek out the photos. We ask our readers to respect the affected women’s privacy, and not to perpetuate sexist behavior or encourage the creep who obtained the photos (and who has promised to release more in return for payment), by resisting any temptation to search for and/or click on these images.

As horror movie actress Mary Elizabeth Winstead noted on Twitter,

To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.

‘Nuff said.

How were the photos obtained?

The original leaker claimed to have obtained the nude photos through an exploit which allowed him (her/them?) to access photos stored on victims’ phones through their Apple iCloud accounts, and media attention has focused mainly on this area (including Apple's Photo Stream utility and iCloud photo backups service).

However, some of the photos are ‘selfies’, and clearly show celebrities using Android devices or webcams to take the photos, and some photos have text overlaid on them that point to their being uploaded using Snapchat (a service with a record of security problems).

Given the huge number of photos featuring such a wide range of celebrities, it has also been suggested that social engineering was used to get close to the targets (perhaps by some form of collective), obtaining positions of trust, such as personal assistants or bodyguards, that would allow access to the stars intimate records. Physical theft of personal phones is also a possibility.

How to prevent this happening to you

Media attention has focused on Apple’s iCloud service, but as noted above this may be somewhat unfair to Apple, and similar services such as Dropbox and Google Drive present comparable security risksanyway. Therefore, while these notes concentrate on iCloud and iDevices, we strongly recommend users of other devices and cloud services take similar precautions.

Use strong passwords

Weak passwords are the single greatest security risk there is on the internet. Not only are passwords such as ‘123456’ and ‘password’ ridiculously common, but in the case of celebrities, where are large amount of personal information about their lives is in the public sphere, it is not difficult for attackers to guess weak passwords based on their family or pets names, where they have lived, their hobbies and interests,etc.

A strong password should contain a long string of random letters and numbers, including symbols and a mix of capital and non-caps letters. Of course, remembering even one such password is next to impossible for us mere mortals, let alone one for each and every important account, so this is where password managers come in.

Password managers randomly generate secure passwords, remember them for you, and integrate with your OS and/or browser to make using them as easy and seamless to use as possible. Although perhaps a little rougher around the edges than commercial offerings such as LastPass and 1Password, we recommend KeePass for iOS and KeePassX for OSX (both fully compatible iterations of the excellent KeePass) because they are free and open source.

Use two-factor authentication

Two factor (or step) authentication (2FA) secures an account by requiring that anyone accessing it needs not just a password and username, but a code sent to their phone, combining ‘something you know’ i.e. your username / password, with ‘something you have’ i.e. your phone.

The Fappening, and how to protect your private photos (1)

Instructions for turning on 2FA for iCloud are available here, but this feature is also available for similar services such as Dropbox, Google (including Drive) and Microsoft (SkyDrive). A more complete list of services which offer 2FA is available here.

Turn off photo auto-upload

In common with most major cloud storage services, iCloud offers a feature known as Photo Stream, which automatically backs up photos taken on an iPhone or iPad, and uploads them the cloud. This is widely regarded a security weak point (although iCloud does use at least 128-bit AES encryption), and it may be a good idea to turn any such feature off, no matter how useful it is.


It is likely that the celebrities’ accounts were hacked through poor security at the user-end, rather than through a fundamental flaw in technology, and following the simple steps outlined above you can vastly improve the chances of a similar thing never happening to you.

The Fappening, and how to protect your private photos (2024)


What is the meaning of Fappen? ›

In 2006, the adult p*rn site ImageFap launched, capitalizing on this newish slang term for jerking off. Then, there was The Fappening (a blend of fap and happening), a 2014 iCloud hack that released dozens of nude celebrity photos online.

Who are the victims of the iCloud leaks? ›

Miley Cyrus, Anne Hathaway, Amanda Seyfried, Demi Lovato, Lucy Hale, Kate Hudson, Rose McGowan, Rosario Dawson, Suki Waterhouse and Alison Brie, and much more are just the latest victims adds to the long list of affected celebrities.

How can I see who is accessing my iCloud? ›

Check which devices are signed in to your account by going to Settings > [your name]. If you see a device you don't recognize, tap on that device name and select “Remove from Account.”

How do you know if someone hacked your iCloud? ›

How can you check for unknown devices or accounts?
  • Check the iCloud account for unrecognized devices as well as Passwords & Accounts for any unrecognized emails.
  • Review Apple ID devices. ...
  • Use Apple's Find My app to see a list of devices associated with the ID. ...
  • Check the Apple ID account for unfamiliar phone numbers.
Jan 8, 2024

How will I know if someone is trying to hack my iCloud? ›

Once hackers log in to your Apple account, they work quickly to take control. Here are some common warning signs that your account may be compromised. Your Apple ID password stops working. Your device is locked or was put into “Lost Mode.”

What celebrities were affected by the iCloud hack? ›

We've just learned that new nude photos of Jennifer Lawrence, Kim Kardashian, Vanessa Hudgens, Mary-Kate Olsen, Avril Lavigne and other female celebrities were leaked online.

What was the iCloud hacker sentenced to? ›

California Man Known As “icloudripper4you” Sentenced To Nine Years In Federal Prison For Stealing Nude Photographs And Images From Apple iCloud Accounts.

What happens if your Apple ID is leaked? ›

If someone gains unauthorized access to your Apple ID there are several ways your data could be compromised: If you sync data from your iPhone to iCloud, a hacker can view this data. If you have an email address, they may be able to send and receive emails via your account.

Who hacked Apple iCloud in 2014? ›

According to court documents and statements made in court, from April 2013 through October 2014, GAROFANO engaged in a phishing scheme to obtain usernames and passwords for iCloud accounts.

Top Articles
Latest Posts
Article information

Author: Prof. Nancy Dach

Last Updated:

Views: 6193

Rating: 4.7 / 5 (77 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Prof. Nancy Dach

Birthday: 1993-08-23

Address: 569 Waelchi Ports, South Blainebury, LA 11589

Phone: +9958996486049

Job: Sales Manager

Hobby: Web surfing, Scuba diving, Mountaineering, Writing, Sailing, Dance, Blacksmithing

Introduction: My name is Prof. Nancy Dach, I am a lively, joyous, courageous, lovely, tender, charming, open person who loves writing and wants to share my knowledge and understanding with you.