or Connect
AppleInsider › Forums › General › General Discussion › Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts
New Posts  All Forums:Forum Nav:

Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts

post #1 of 178
Thread Starter 
Apple on Tuesday put out a strong statement in support of the security of its iCloud services, saying that a collection of stolen pictures from celebrity phones was as a result of targeted attacks based on user names, passwords and security questions.




Apple said it has completed more than 40 hours of investigation to date, and found that the iCloud accounts in question were compromised based on practices that are "all too common on the Internet."

The company's statement dispels rumors that a wider exploit of its iCloud services, including the Find My iPhone function, played a part in the leaks. Apple recommends that its users employ a strong password, and also enable two-step verification to maximize security.

The company first revealed on Monday that it was "actively investigating the incident, which saw private photos of numerous celebrities leaked onto the Internet. The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they were actually privy to the technical details of the leaks.

The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets had cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.

Since the pictures first began to surface on Sunday, reports have emerged suggesting that the images have been circulating amongst a close-knit group of hackers and others for some time. According to Gawker, the collection of pictures are as a result of potentially years' worth of work by hackers.

The fact that all of the images leaked at once led many, including a number of mainstream media outlets, to assume that the result was a massive security breach, which many to draw the conclusion that Apple's iCloud was not secure. But the statement from the company on Tuesday makes it clear that Apple has found no such flaws in its systems, suggesting that the pictures may in fact have been part of a collection that grew over the years but stayed out of the public eye.

The iPhone maker's full statement is included below:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud? or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

post #2 of 178
Way to go Apple!
post #3 of 178

Indirectly this is in some way confirming the authenticity of stolen photos and videos by saying that accounts were compromised. 

post #4 of 178
1) Good article, and quick. Thanks for that.

2) This is incorrect: I cannot "change my security questions"

How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
post #5 of 178

Haha, there we go!

 

The media can now all go and screw themselves! 

 

Anybody who lied about this story should be demoted and they should all receive pay cuts.

post #6 of 178
Quote:
Originally Posted by AppleInsider View Post

The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets had cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.

 

While this may or may not be true, it doesn't excuse Apple from not having rate-limited iCloud login attempts:

 

http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

Reply
post #7 of 178

I already had to tell a guy at lunch today that it wasn't iCloud related because people were taking pics on blackberrys and android phones.

 

Too bad the "news" already broke it was iCloud.  Now that's engrained in less informed minds.

2012 27" iMac i7, 2010 27" iMac i7, 2011 Mac Mini i5
iPad Air, iPad Mini Retina, (2) iPhone 5S, iPod Touch 5
Time Capsule 5, (3) AirPort Express 2, (2) Apple TV 3

Reply

2012 27" iMac i7, 2010 27" iMac i7, 2011 Mac Mini i5
iPad Air, iPad Mini Retina, (2) iPhone 5S, iPod Touch 5
Time Capsule 5, (3) AirPort Express 2, (2) Apple TV 3

Reply
post #8 of 178

So most likely the majority of those celebs were stupid, careless and ignorant.

 

They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.

 

And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.

post #9 of 178

Just as I figured. I wonder if they’ll still up iCloud’s security anyway.

 

I’d love to not have an upper limit on my password size. I’d also love to not be forced into having numbers and uppercase letters. There’s absolutely no excuse for that. I’ve kept my original iCloud password since the beta because of this nonsense (no restrictions in the beta).

 

I’d also love to be able to write MY OWN QUESTIONS.

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
Reply

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
Reply
post #10 of 178
I first read of this on BBC News, and they specifically said that it was an iCloud hack. Later, when I went back to show my wife, the phrase had been changed from "iCloud" to "Cloud". That's all it takes for a nasty second-hand rumor to take root and grow into a "fact".
post #11 of 178
Quote:
Originally Posted by Apple ][ View Post
 

Haha, there we go!

 

The media can now all go and screw themselves! 

 

Anybody who lied about this story should be demoted and they should all receive pay cuts.

You're awake!

post #12 of 178

so none of the photos came from an iCloud photo login being hacked? the article is confusing.

post #13 of 178
Quote:
Originally Posted by Tallest Skil View Post
 

 I’d also love to not be forced into having numbers and uppercase letters. 

 

I can understand why Apple requires that.

 

I mean, there are so many dumb people out there. The world is swarming with dumb people, and at least that requirement forces people to not choose a password like "cat" or "dog".

post #14 of 178
Quote:
Originally Posted by Andysol View Post
 

Too bad the "news" already broke it was iCloud.  Now that's engrained in less informed minds.

 

Almost as if this was orchestrated a few days before Apple’s announced event. Makes you wonder.

post #15 of 178
Quote:
Originally Posted by anantksundaram View Post
 

You're awake!

 

Indeed I am! I'm not an early bird, but it's 3 PM, so yes, I am fully awake!

 

:D

post #16 of 178
Quote:
Originally Posted by Apple ][ View Post
 

So most likely the majority of those celebs were stupid, careless and ignorant.

 

They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.

 

And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.

Man you sure do love to generalize and make assumptions

post #17 of 178
Quote:
Originally Posted by Freshmaker View Post
 

Man you sure do love to generalize and make assumptions

 

Not as much as the media does!

post #18 of 178

This is what you get when you store personal things you would not want you mom seeing in the cloud and being stupid about it. Hacker are a lot smarter than your average thief. Image the work the when through to track down on the necessary information to get into each account whether on icloud or any other cloud based storage product out there.

post #19 of 178

I think Kirsten Dunst owes Apple an apology. ;)

~Tokolosh
Reply
~Tokolosh
Reply
post #20 of 178
Quote:
Originally Posted by Maestro64 View Post
 

This is what you get when you store personal things you would not want you mom seeing in the cloud and being stupid about it. Hacker are a lot smarter than your average thief. Image the work the when through to track down on the necessary information to get into each account whether on icloud or any other cloud based storage product out there.

 

What is what you get? nothing happened as the leaks weren't from icloud so whats your point?

post #21 of 178
Why does Apple get all the blame? Videos were stolen too. iPhones and iCloud do not upload videos. So where were they hacked & stolen from. If ANY of those reporting on this had a clue of reporting and journalism they would investigate. But Apple in a headline gets them clicks.

Oh and the nudes I've seen of these "stars" - they all look better with their clothes ON.

No sympathy for selfless or the stupid people that buy a phone and don't know how to use it.
post #22 of 178
Quote:
Originally Posted by alphafox View Post
 

so none of the photos came from an iCloud photo login being hacked? the article is confusing.

 

Some may have come from iCloud, but the login wasn't "hacked". These moronic celebrities had easy to guess passwords and security questions. Oh, and they were also moronic enough to have narcissistic, whorish, nude photos of themselves in the cloud. I have little sympathy. Pro-tip to celebs: If you don't want your nude photos leaked, maybe don't take such photos. And if you REALLY can't help yourself, don't upload them.  It's not that hard of a concept. It's like me putting all my valuable shit on the driveway, and then being outraged when something is stolen. Yeah, the theft is still a crime, but I should also take responsibility for my idiotic actions that led to it. It's not "slut-shaming" to point out that everyone is also responsible for securing themselves, and not being grotesquely negligent in this regard. 

post #23 of 178
Quote:
Originally Posted by Freshmaker View Post
 

Man you sure do love to generalize and make assumptions

"Sure"? "Love to"?

 

Hmm... sounds like a generalization and an assumption, respectively, to me.

post #24 of 178
I said this in other forums: don't use stupid passwords, it's users' fault. Dont blame Apple.

Congratulation to Samsung Galaxy S5 for winning CNET's Best Android Phone of the Year 2014

 

"From the owner of iPhone 6+, Best Smart Phone of the Year 2014"

Reply

Congratulation to Samsung Galaxy S5 for winning CNET's Best Android Phone of the Year 2014

 

"From the owner of iPhone 6+, Best Smart Phone of the Year 2014"

Reply
post #25 of 178
Quote:
Originally Posted by meofcourse View Post

Why does Apple get all the blame? Videos were stolen too. iPhones and iCloud do not upload videos. So where were they hacked & stolen from. If ANY of those reporting on this had a clue of reporting and journalism they would investigate. But Apple in a headline gets them clicks.

Oh and the nudes I've seen of these "stars" - they all look better with their clothes ON.

No sympathy for selfless or the stupid people that buy a phone and don't know how to use it.


If I have your iCould credentials (your apple ID) I can restore any backup you have on the cloud to my device. When I do that, I get the whole phone os, camera roll, mail, and the logged in state and message history of any apps at the time the backup was made. You can also install older backups and see photos or videos that may have been deleted after.

post #26 of 178
Quote:
Originally Posted by Phone-UI-Guy View Post
 

Indirectly this is in some way confirming the authenticity of stolen photos and videos by saying that accounts were compromised. 

 

Sounds to me more like a phishing attack.

 

Person receives fake Apple email to their private email account, which was obtained previously (maybe from one of those large credit card hackings, like at Target) and they are prompted to confirm some innocuous information and their password... Boom.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #27 of 178
Quote:
Originally Posted by John.B View Post
 

 

While this may or may not be true, it doesn't excuse Apple from not having rate-limited iCloud login attempts:

 

http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/

 

This doesn't appear to have anything to do with a brute force attack.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #28 of 178
Quote:
Originally Posted by Slurpy View Post
 

Pro-tip to celebs: If you don't want your nude photos leaked, maybe don't take such photos. And if you REALLY can't help yourself, don't upload them.  It's not that hard of a concept. It's like me putting all my valuable shit on the driveway, and then being outraged when something is stolen. Yeah, the theft is still a crime, but I should also take responsibility for my idiotic actions that led to it. It's not "slut-shaming" to point out that everyone is also responsible for securing themselves, and not being grotesquely negligent in this regard. 

Hard to argue against most of this, if in doubt don't take selfie specials etc & upload them anywhere.

If you really have to use a rock solid password, something such as password should do it :)

post #29 of 178
Quote:
Originally Posted by Tokolosh View Post
 

I think Kirsten Dunst owes Apple an apology. ;)

 

Why? For buying everyone pizza and soft-serve chocolate ice cream?

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #30 of 178
Quote:
Originally Posted by SpamSandwich View Post
 

 

Sounds to me more like a phishing attack.

 

It could be, but either way, the user is fully responsible.

 

I mean, I'm sure that plenty of people get emails from Nigeria, but if they actually respond and believe those emails, then whose fault is that?

 

Personal responsibility is sadly something that many people do not believe in anymore. If somebody does something stupid, then that is their own damn fault, and they should take responsibility for their own actions, and not point their dirty fingers elsewhere, falsely accusing others for their own self made problems.

post #31 of 178
Quote:
Originally Posted by Apple ][ View Post

Haha, there we go!

The media can now all go and screw themselves! 

Anybody who lied about this story should be demoted and they should all receive pay cuts.
You know this won't be the end of it sadly. Regardless of facts the lies about Apple get more traction than the truth.

How much pissing and moaning did we hear about the antena bs but heard little of the truth that all handssets had this issue and that it wasn't limited to Apple?
post #32 of 178
Quote:
Originally Posted by Apple ][ View Post
 

 

It could be, but either way, the user is fully responsible.

 

I mean, I'm sure that plenty of people get emails from Nigeria, but if they actually respond and believe those emails, then whose fault is that?

 

Personal responsibility is sadly something that many people do not believe in anymore. If somebody does something stupid, then that is their own damn fault, and they should take responsibility for their own actions, and not point their dirty fingers elsewhere, falsely accusing others for their own self made problems.

 

While I agree that self-responsibility is key, getting hacked is no cup of tea. 

 

Here's the link to Apple's statement, which seems oddly missing from the main story:  www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #33 of 178
Quote:
Originally Posted by Tokolosh View Post
 

I think Kirsten Dunst owes Apple an apology. ;)

I dunno.   The statement issued doesn't absolve them if their API code allowing infinite tries was in fact the problem, or if that was just coincidental.

 

What I did read was... If you're not a celebrity, don't worry, your pictures are likely safe, unless someone has targeted you and we don't know it

post #34 of 178
Quote:
Originally Posted by SpamSandwich View Post
 

Here's the link to Apple's statement, which seems oddly missing from the main story:  www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html

The full text of what's in that link is in the story, though.

post #35 of 178

Meanwhile -- off-topic -- this does seem like the real thing (iPhone 6)? https://www.youtube.com/watch?v=657UeODW178

post #36 of 178
Quote:
Originally Posted by SpamSandwich View Post
 

While I agree that self-responsibility is key, getting hacked is no cup of tea. 

 

I'm sure that it's not.

 

I've never gotten hacked online, but I was the target of a telephone scam some years back, by some shady company that had somehow made a few charges to one of my bank cards, without my authorization of course. 

 

I was seriously pissed off, and I immediately cancelled that card, and then I contacted the State Attorney General, the FTC, and I even spoke to an agent at the FBI, since this was across state lines. To make a long story short, the situation was rectified pretty quickly.

post #37 of 178
Quote:
Originally Posted by SpamSandwich View Post
 

 

Sounds to me more like a phishing attack.

 

Person receives fake Apple email to their private email account, which was obtained previously (maybe from one of those large credit card hackings, like at Target) and they are prompted to confirm some innocuous information and their password... Boom.

where does it sound like phishing?  There are other methods of targeting.

 

You think these celebs shop at Target during the holidays?  That's a stretch.

post #38 of 178
Quote:
Originally Posted by Tokolosh View Post
 

I think Kirsten Dunst owes Apple an apology. ;)

 

Kirsten Dunst ia apparently just as brain-dead in real life as the air-heads she tends to portray in her roles. "Thank you iCloud"? Apple didn't put a gun to your head, and force you to take nude selfies then upload them to the internet. Neither did Apple force you to use a shitty password, and shitty security questions. When in doubt, maybe DON'T take nude photos of yourself from your internet connected phone? Na, that would make too much sense. I have no fucking accountability, so I'll just blame "iCloud". 

post #39 of 178
Quote:
Originally Posted by Slurpy View Post
 

Kirsten Dunst ia apparently just as brain-dead in real life as the air-heads she tends to portray in her roles. "Thank you iCloud"? Apple didn't put a gun to your head, and force you to take nude selfies then upload them to the internet. Neither did Apple force you to use a shitty password, and shitty security questions. When in doubt, maybe DON'T take nude photos of yourself from your internet connected phone? Na, that would make too much sense. I have no fucking accountability, so I'll just blame "iCloud". 

 

And just yesterday, some people here were defending these pea-brained actresses, accusing others of misogyny.:no:

post #40 of 178
Quote:
Originally Posted by Tokolosh View Post
 

I think Kirsten Dunst owes Apple an apology. ;)


Sorta gives a new meaning to "Eat your words."—◊

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts