Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts
Apple on Tuesday put out a strong statement in support of the security of its iCloud services, saying that a collection of stolen pictures from celebrity phones was as a result of targeted attacks based on user names, passwords and security questions.
Apple said it has completed more than 40 hours of investigation to date, and found that the iCloud accounts in question were compromised based on practices that are "all too common on the Internet."
The company's statement dispels rumors that a wider exploit of its iCloud services, including the Find My iPhone function, played a part in the leaks. Apple recommends that its users employ a strong password, and also enable two-step verification to maximize security.
The company first revealed on Monday that it was "actively investigating the incident, which saw private photos of numerous celebrities leaked onto the Internet. The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they were actually privy to the technical details of the leaks.
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets had cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
Since the pictures first began to surface on Sunday, reports have emerged suggesting that the images have been circulating amongst a close-knit group of hackers and others for some time. According to Gawker, the collection of pictures are as a result of potentially years' worth of work by hackers.
The fact that all of the images leaked at once led many, including a number of mainstream media outlets, to assume that the result was a massive security breach, which many to draw the conclusion that Apple's iCloud was not secure. But the statement from the company on Tuesday makes it clear that Apple has found no such flaws in its systems, suggesting that the pictures may in fact have been part of a collection that grew over the years but stayed out of the public eye.
The iPhone maker's full statement is included below:
Apple said it has completed more than 40 hours of investigation to date, and found that the iCloud accounts in question were compromised based on practices that are "all too common on the Internet."
The company's statement dispels rumors that a wider exploit of its iCloud services, including the Find My iPhone function, played a part in the leaks. Apple recommends that its users employ a strong password, and also enable two-step verification to maximize security.
The company first revealed on Monday that it was "actively investigating the incident, which saw private photos of numerous celebrities leaked onto the Internet. The original poster of the images on web forum 4chan indicated that the shots had been collected from Apple's online service, but also admitted to having gathered the photos from others, making it unlikely that they were actually privy to the technical details of the leaks.
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets had cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
Since the pictures first began to surface on Sunday, reports have emerged suggesting that the images have been circulating amongst a close-knit group of hackers and others for some time. According to Gawker, the collection of pictures are as a result of potentially years' worth of work by hackers.
The fact that all of the images leaked at once led many, including a number of mainstream media outlets, to assume that the result was a massive security breach, which many to draw the conclusion that Apple's iCloud was not secure. But the statement from the company on Tuesday makes it clear that Apple has found no such flaws in its systems, suggesting that the pictures may in fact have been part of a collection that grew over the years but stayed out of the public eye.
The iPhone maker's full statement is included below:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud? or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
Comments
Indirectly this is in some way confirming the authenticity of stolen photos and videos by saying that accounts were compromised.
2) This is incorrect: I cannot "change my security questions"
[IMG ALT=""]http://forums.appleinsider.com/content/type/61/id/47956/width/350/height/700[/IMG]
Haha, there we go!
The media can now all go and screw themselves!
Anybody who lied about this story should be demoted and they should all receive pay cuts.
The fact that many of the celebrities were shown taking "selfies" with Android or Blackberry handsets had cast even more doubt on iCloud's role. Other services, including Snapchat and Dropbox, have also been implicated at various times with similarly nonexistent levels of evidence.
While this may or may not be true, it doesn't excuse Apple from not having rate-limited iCloud login attempts:
http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/
I already had to tell a guy at lunch today that it wasn't iCloud related because people were taking pics on blackberrys and android phones.
Too bad the "news" already broke it was iCloud. Now that's engrained in less informed minds.
So most likely the majority of those celebs were stupid, careless and ignorant.
They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.
And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.
Just as I figured. I wonder if they’ll still up iCloud’s security anyway.
I’d love to not have an upper limit on my password size. I’d also love to not be forced into having numbers and uppercase letters. There’s absolutely no excuse for that. I’ve kept my original iCloud password since the beta because of this nonsense (no restrictions in the beta).
I’d also love to be able to write MY OWN QUESTIONS.
Haha, there we go!
The media can now all go and screw themselves!
Anybody who lied about this story should be demoted and they should all receive pay cuts.
You're awake!
so none of the photos came from an iCloud photo login being hacked? the article is confusing.
I’d also love to not be forced into having numbers and uppercase letters.
I can understand why Apple requires that.
I mean, there are so many dumb people out there. The world is swarming with dumb people, and at least that requirement forces people to not choose a password like "cat" or "dog".
Too bad the "news" already broke it was iCloud. Now that's engrained in less informed minds.
Almost as if this was orchestrated a few days before Apple’s announced event. Makes you wonder.
You're awake!
Indeed I am! I'm not an early bird, but it's 3 PM, so yes, I am fully awake!
So most likely the majority of those celebs were stupid, careless and ignorant.
They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.
And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.
Man you sure do love to generalize and make assumptions
Man you sure do love to generalize and make assumptions
Not as much as the media does!
This is what you get when you store personal things you would not want you mom seeing in the cloud and being stupid about it. Hacker are a lot smarter than your average thief. Image the work the when through to track down on the necessary information to get into each account whether on icloud or any other cloud based storage product out there.
I think Kirsten Dunst owes Apple an apology.
This is what you get when you store personal things you would not want you mom seeing in the cloud and being stupid about it. Hacker are a lot smarter than your average thief. Image the work the when through to track down on the necessary information to get into each account whether on icloud or any other cloud based storage product out there.
What is what you get? nothing happened as the leaks weren't from icloud so whats your point?
Oh and the nudes I've seen of these "stars" - they all look better with their clothes ON.
No sympathy for selfless or the stupid people that buy a phone and don't know how to use it.