Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts

1246789

Comments

  • Reply 61 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:
    Originally Posted by chadbag View Post

     

     

    There is a reason these people are famous and people want to see pics of them, and it isn't because of their brains...

     

    /end sexist but true remark


     

    Agreed!

     

    It's not like pervert hackers are downloading scans of these women's brains and admiring them!

     

    Oh my, what a lovely cerebellum she has! Her temporal lobe seriously turns me on man!

  • Reply 62 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by imt1 View Post

     

    Sometimes its easier to gain access to someones info by going the security question route vs. guessing at the password. 


     

    Pro tip.

     

    Don't answer security questions with a real answer.

     

    If you went to elementary school at PS 123, then you don't give that as an answer when it asks you what school you went to.

  • Reply 63 of 178
    chadbagchadbag Posts: 1,999member
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    Agreed!

     

    It's not like pervert hackers are downloading scans of these women's brains and admiring them!

     

    Oh my, what a lovely cerebellum she has! Her temporal lobe seriously turns me on man!


     

    Yeah, they re not usually the brightest peas in the pod and maybe have to have simple answers and passwords so that they will remember them.

  • Reply 64 of 178
    Quote:

    Originally Posted by gwmac View Post

     

    I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username. 


     

    I don't use passwords I can remember on any site I care about my security. I mash keys on the keyboard and save it in an encrypted store. I must authenticate to get access to my password and do the copy and paste thing. Works great and no one is guessing my passwords anytime soon. I also highly recommend this method for user name selection too. The bank doesn't need my name in my user ID, so why should I put it there and lower my security. Also, I store the made up answers to my security questions in the same encrypted store. So there will be no guessing as to the answers as they are fabricated per account. You don't need to give the bank your mothers real maiden name or her real birthdate. Using public record data for recovery authentication is just dumb. It is just as bad as every place trying to use the last four digits of your social security number.

  • Reply 65 of 178

    Um, well that's ok then?  We don't have to worry about our accounts being compromised unless we're celebrities being targeted?  Did I get that right?

  • Reply 66 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by iVince View Post

     

    Um, well that's ok then?  We don't have to worry about our accounts being compromised unless we're celebrities being targeted?  Did I get that right?


     

    If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.

  • Reply 67 of 178
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.


     

    iCloud was not compromised and it was a targeted attack (IMO, likely a phishing attack but no one is confirming or denying this).

  • Reply 68 of 178
    imt1imt1 Posts: 87member
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    Pro tip.

     

    Don't answer security questions with a real answer.

     

    If you went to elementary school at PS 123, then you don't give that as an answer when it asks you what school you went to.


    I said that. 

     

    However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites.  If someone literally hacked one site they then can easily gain info from all your sites then using the same answer. 

  • Reply 69 of 178
    What Apple is saying is iCloud was not broken in to and encrypted photos et al were not taken and decrypted. What they are [I]slyly[/I] saying is the hackers figured out how to login as the celebrity through some other means and then downloaded the pics. Two completely different things.
  • Reply 70 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by imt1 View Post

     

    However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites.  If someone literally hacked one site they then can easily gain info from all your sites then using the same answer. 


     

    Yes, many people do probably do that, and they will one day come to regret it, because if and when they do get hacked, everything will be vulnerable. Sucks to be them I guess.

  • Reply 71 of 178
    Quote:

    Originally Posted by alcstarheel View Post



    What Apple is saying is iCloud was not broken in to and encrypted photos et al were not taken and decrypted. What they are slyly saying is the hackers figured out how to login as the celebrity through some other means and then downloaded the pics. Two completely different things.

     

    Phish. Ing.

  • Reply 72 of 178
    fallenjtfallenjt Posts: 4,053member
    Once and for all, if you rent a public storage, someone stole your key and gained access to it, do you blame the storage rental place or yourself? Same thing here.
  • Reply 73 of 178
    MacProMacPro Posts: 19,718member
    philboogie wrote: »
    1) Good article, and quick. Thanks for that.

    2) This is incorrect: I cannot "change my security questions"

    700

    OMG, your favorite singer in high schools was ********** too? What a coincidence. :D
  • Reply 74 of 178
    MacProMacPro Posts: 19,718member
    imt1 wrote: »
    I said that. 

    However, most people will also use the same answers across all sites that have the same or even any security questions. No different then using the same password across all sites.  If someone literally hacked one site they then can easily gain info from all your sites then using the same answer. 

    Meanwhile thousands of people simply answer phishing emails, that 'seem' to come from Apple, and voluntarily give their user name and passwords to whoever sent the email.
  • Reply 75 of 178

    In other news:  www.theverge.com/2014/9/2/6098347/home-depot-investigating-potentially-massive-credit-card-hack

     

    Home Depot hacked.

     

    I think all of these targets of hacking will come crawling to Apple for a secure transaction solution.

  • Reply 76 of 178
    tenobelltenobell Posts: 7,014member
    Quote:

    Originally Posted by Apple ][ View Post

     

    So most likely the majority of those celebs were stupid, careless and ignorant.

     

    They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.

     

    And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.


     

    I emphatically do not agree with blaming the victim for a crime committed against them. 

  • Reply 77 of 178
    Quote:
    Originally Posted by Apple ][ View Post

     

     

    If you're not a celebrity and you're a regular person that is bright enough to have secure passwords and good security answers, then you are fine.


     

    It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy.  Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker.  Basically to act as an extra measure for people that don't care about their password or questions being rubbish.

  • Reply 78 of 178
    Quote:
    Originally Posted by iVince View Post

     

     

    It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy.  Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker.  Basically to act as an extra measure for people that don't care about their password or questions being rubbish.


     

    From Apple's PR:  "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone."

     

    It may have been a breach of Twitter (for example), which could've yielded email addresses and passwords that were re-used for their iCloud login. 

     

    As the investigation is ongoing, they are not going to tip their hand yet.

  • Reply 79 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by TenoBell View Post

     

    I emphatically do not agree with blaming the victim for a crime committed against them. 


     

    I don't have any problems with blaming the victim. I mean, it all depends on the circumstances.

     

    If somebody chooses to walk around in an area of town that is known to be unsafe and crime infested at 3am and they are flashing around money or wearing expensive jewelry, do they deserve to be shot and robbed? No they do not, but it is certainly understandable if it happened to them.

     

    The internet is not a safe place. There are all sorts of scumbags and criminals on the internet, and I'm sorry, but I can not feel sorry for anybody who gets their account broken into, if they had a password like "cat" or "dog".

     

    And I especially don't feel sorry for anybody who falsely accuses Apple for their problem.

  • Reply 80 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by iVince View Post

     

     

    It just strikes me as worrying that if a small subset of society (celebrity) can be hacked, and these targeted individuals all had poor passwords and/or security questions, then a lot of people can be hacked there by rendering iCloud unsafe for a lot of people by virtue of their own idiocy.  Surely iCloud needs an extra security measure, like a unique alpha numeric pin or something, or something that can't be retrieved or searched for by a hacker.  Basically to act as an extra measure for people that don't care about their password or questions being rubbish.


     

    Sure, I wouldn't have any objections if Apple implements even stronger security, especially since they are going to be rolling out their new payment system.

     

    I have a few different bank accounts, and some of them use a hardware dongle in addition to regular passwords when you log in.

Sign In or Register to comment.