If you were worried that your precious information stored in the iCloud might be vulnerable following the nude celebrity photo leaks, then you can breathe out a sigh of relief because Apple just released a statement claiming that its iCloud and Find My iPhone services were not compromised. Instead, the photo leaks was a targeted attack on usernames, passwords and security questions.
According to the statement from the Cupertino company, after over 40 hours of investigation, they found that the hackers focused on compromising usernames, password and security questions of affected celebrities. The statement went on to claim that Apple’s systems including iCloud and Find my iPhone were not breached and the company is continuing to work with law enforcement to help identify the criminals involved.
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
It was previously believed that the hackers used a new app on GitHub known as iBrute. The app used a flaw in Find my iPhone app that allowed unlimited password guesses to continually input the most common passwords on the internet until it found a match. The flaw has since been fixed however, Apple did not make any comment with regard to that matter.
Nonetheless, the internet is never and will never be a safe place to store private photos so the best way to protect yourself is to never take compromising pictures of yourself with any device that connects to the internet. Finally, just to be safe, change your iCloud password and activate two-factor authentication on your iCloud and other accounts as well. It’s troublesome, but certainly not as troublesome as trying to retrieve your account once it’s been hijacked. My Twitter account was recently hijacked but thankfully, Twitter customer service was very prompt in returning my account to me but this whole thing could’ve been avoided with 2-step verification activated.