Not that long ago, it was reported more than 100 celebrities fell victims to iCloud “hackers” who released 100’s of compromising and explicit personal photos. List of victims include celebrities such as Jennifer Lawrence, Ariana Grande, Kate Upton and Selena Gomez to name a few. Because of this iCloud “hack”, people started claiming a breach in Apple’s iCloud storage system and even blamed Apple for lack of security in the iCloud system. After a 40 hour investigation, the Cupertino giant release a statement in an attempt to clear their name. The way Apple tells it, “celebrity accounts were compromised by a very targeted attack on usernames, passwords and security questions” and none of its systems were breached in the process, this includes both iCloud or Find my iphone. What this means is the attack was not actually much of a hack, but rather phishing and most likely the dedicated attacker would enter victims iCloud user information and click the “forgot password” option where he then would have to answer a security question in order to get access to victims account. Apparently, this was more of a direct attack towards certain targeted celebrities and nothing to do with Apple services being cracked.
The person or persons responsible for the illegal release is still unknown, but 4chan, the “ground Zero” where the explicit images are believed to originally be released, is being investigated by the FBI. Even though Apple is technically not directly involved in this massive data breach, Apple is recommending using “strong password and enable two-step verification”. Here is the full statement made by Apple below.
“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a stong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.”