Apple defends iCloud, says hackers deliberately targeted passwords

3 Sep 2014

After more than 40 hours of investigation, spurred on by the breach and leak of explicit photos stored in celebrities’ cloud accounts, Apple has denied there are any loopholes in iCloud or the Find My iPhone feature.

Instead, the consumer tech giant said the celebrities’ accounts came under a deliberate and targeted attack where weak password security was a leading factor.

Apple has urged users who back up photos and other data to iCloud to make use of stronger passwords and two-factor verification. Both of these are addressed on Apple’s website

Two-factor verification requires users to make use of an additional code that is sent to their mobile phones once they enter their username and password, providing an extra layer of security.

Hackers attacked smartphones and cloud accounts of Hollywood stars including Jennifer Lawrence, Kate Upton, Kirsten Dunst and many others and began publishing private photos on sites such as 4chan, Reddit and AnonIB.

It is understood the celebrities were also using devices and cloud accounts other than iPhones and iCloud.

Bruised Apple

“When we learned of the theft, we were outraged and immediately mobilised Apple’s engineers to discover the source,” Apple said in a statement.

“Our customers’ privacy and security are of utmost importance to us.

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet.”

Apple pointedly noted its investigation showed there was no breach of its systems.

“None of the cases we have investigated has resulted from any breach in any of Apple’s systems, including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved,” Apple said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com