It is believed a handful of computer users clicked links on Friday evening believing they would take them to the illicit images, but instead they inadvertently installed malware triggering a crippling Internet attack.
It took telecommunications giant Spark, the rebranded Telecom Corp., until Sunday to fully repair what it termed a "dynamic" cyber-attack that overloaded its system covering more than 600,000 customers.
The intimate celebrity photos, which included actress Jennifer Lawrence and singers Avril Lavigne and Rihanna, were stolen from a cloud storage system.
Spark tweeted it was aware that when people clicked on some links they inadvertently installed malware "generating a high amount of traffic to overseas sites".
Computer security specialists Trend Micro issued an alert shortly before the attack began warning not to open the links related to the nude celebrities.
"For obvious reasons, clicking on links to 'naked celebrity' photos, or opening email attachments would be a very bad idea right now, expect criminals to ride this bandwagon immediately," it said.
"Our scanning brought to our attention some freshly-concocted schemes targeting those looking for the photos borne from the aforementioned leak.
"The first threat we found hails from Twitter, in the form of a tweet being posted with hashtags that contain the name of one of the leak's victims Jennifer Lawrence."
Trend Micro said users who clicked the link offering to show a video of the actress were directed to download a "video converter" that was actually malicious software.
New Zealand authorities said they did not know who was behind the attack, which was launched from outside the country, and the malware was generating denial-of-service attacks towards Europe.