Recently Scarlet Johansson has been added to the list of celebrities who have had photos taken on their phone compromised. The media is stating this is an apparent ring of hackers that are stealing the data from celebrities phones and laptops, however this theory seems suspect.
More likely is that the images are being stolen from cloud and backup services, where data sits unencrypted, not directly from the devices themselves. I took a look at the recent alleged images ( research! ) and scanned them for EXIF data to see what information I could find about the images. One of the images had quite a bit of data embedded, I was able to see that the photo was taken with Blackberry Bold 9000 taken on October, 12, 2010 at 8:02PM. It is interesting that these photos are over a year old. Unless the image data and EXIF tags were tampered with the image came directly from the phone and was not modified by any applications like Photoshop, or compressed by any service. The images could have been emailed to another party as an attachment, it is highly likely that an email account or backup service was compromised.
The second photo that shows Johansson’s backside was not taken with the same phone, very little EXIF data was embedded in the image, but it was taken at a much higher resolution of 300 px/inch, the image also uses Progressive DCT encoding vs Baseline DCT like we have on the Blackberry device.
Several celebrities have had images leaked lately Vanessa Hudgens reportedly had nude images leaked after someone hacked her Gmail account. Odds are something similar has happened here, particularly given the age of the images.
Celebrity security needs to be taken as seriously as government security, all data should be encrypted even personal images and data. If celebrities are using cloud services they need to make sure the data is encrypted before it is backed up.