Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach
A breach of Apple’s iCloud and Find My iPhone services was not involved in the recent hacking incident that saw the private photos and videos of several celebrities leaked onto the Internet, according to a press release just issued by Apple.
Instead, celebrity iCloud accounts were compromised by a targeted attack on user names, passwords, and security questions.
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material, which quickly led to accusations of a flaw in iCloud as the reason for the leak.
Apple announced plans to launch an investigation into the matter on Monday, after a tool surfaced on GitHub that could have potentially allowed hackers to brute-force their way into accounts via a security flaw in Find My iPhone.
Apple suggests that users utilize a strong password and enable two-step verification to avoid similar hacking attempts.