icloud

Apple has responded to this week’s hackings of celebrity iCloud accounts, which resulted in postings of private photographs. Here’s Apple’s statement in full:

CUPERTINO, Calif.–(BUSINESS WIRE)–We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

Apple says that it conducted an investigation for more than 40 hours, and denies that iCloud or Find my iPhone was actually breached. Apple is presenting this as a very targeted username, password, and security questions hack on “certain celebrity accounts.” Apple recommends that users utilize the 2-step verification service for Apple IDs/iCloud. The company also says it is continuing to work with law enforcement on finding the hackers involved.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

54 Responses to “Apple denies iCloud/Find my iPhone breach, says ‘very targeted attack’ hit certain celebrities”

  1. coolfactor says:

    They were “outraged”? I don’t ever recall Apple responding with such emotion before.

    Liked by 3 people

  2. Still very bad timing for announcement of the most overhauled iPhone yet.

    Like

  3. They were “outraged” of course i don’t blame them. if someone was saying something you developed and provide as a service was the source of all this. it’s easy to point fingers, and apple is always the first one people point to when their product is involved.

    Liked by 3 people

    • yes, but most people these days can’t be bothered about their passwords.

      dear internet,

      use https://howsecureismypassword.net to actually help you to create strong passwords that you can remember.

      sincerely,
      everyone who has ever gotten their account hacked

      Like

    • If the photos were hacked from the iCloud service then apple is to blame too. Even with a weak password, I can’t imagined they guessed it on the first try, and that many people, and deleted pictures too? Is apple’s fault as much as the users, if you are going to upload all their information to your services, then protect them better.

      Like

      • Granted after reading an article by Nik Cubrilovic about it I think that Apple is partially at fault in this, but your statement is like saying the locksmith is at fault if you leave the key to your house under the doormat and someone uses that key to break into your house.

        Like

      • I have to disagree with you GQ. apparently you don’t know much about hacking. Hackers will do whatever they can to get in to any system and view/download sensitive data. Look at breaches in the past in the government. Was it the government’s fault? Not entirely. Don’t just blame apple because the hackers don’t have a name or a face to put on them yet.

        Like

  4. “Outraged”?!?! Are you serious? Theres a war going on between Russia and Ukraine and THIS outrages Apple?

    Furthermore, if no breach of iCloud, Find my iPhone features, then why is Apple working with law enforcements to find the hackers? It has nothing to do with Apple and everything to do with celebrities being stupid enough to take naked photos and poor passwords.
    Lets face it, you think most of the celebrities have a university education? I rest my case.

    Liked by 2 people

    • Because they have resources that can be helpful to law enforcement and they’re committed to security and privacy. Why must everything be some kind of anterior motive when someone does something because they simply have the capacity to do it? Why must it always be because of some form of guilt?

      Liked by 2 people

    • herb02135go says:

      I think an Apple response could have been better.
      Outrage wasn’t the adjective I’d recommend. Maybe “concerned” is more appropriate.

      If Apple is going to issue a statement for any product failure, or suspected product failure, they will be busy.

      Remember: this is a side of the company that needs to be visible from time to time. Job justification.

      Liked by 1 person

    • they brought Apple into this so apple is going to defend their reputation at what ever costs… Russia and Ukraine didn’t say we’re at war because of apple.

      Liked by 1 person

    • Why the hell would Apple comment on a war? By your logic I can’t be outraged by something bad in my life because people have it worse than me. Ugh.

      Liked by 1 person

      • About Russia & Ukraine, that was a just an example to show perspective about what it takes to be really “outraged” about.
        Not that Apple should/or could involve itself in that war.

        To be outraged about a handful of celebrities is a little rich. Especially since the celebrities themselves are partly to blame.

        Liked by 1 person

      • standardpull says:

        Visit our new blog, 9to5Kiev.com where we talk about the only thing you’re allowed to get angry about – the war between Russia and Ukraine.

        Liked by 2 people

      • spiralynth says:

        >> André Hedegaard Petersen says:
        About Russia & Ukraine, that was a just an example to show perspective about what it takes to be really “outraged” about.

        In case you didn’t see “the memo”, the following are the proper emotions one should experience:

        - Insult: offended
        - Samdung trolls on Apple sites: annoyed
        - Fired from job: mad
        - Punched in the face: furious
        - Theft of celebrity photos: outraged
        - War between Russia & Ukraine: infuritated

        Like

      • @Spiralynth,
        Thanks for the pointers. No, I didn’t get that memo, I got a different one.
        You know, one that differentiates between personalised attack vs. public attack on someone else.

        Outraged/insulted/offended at losing your job could happen.
        Outrage over someone elses photo things is nonsense.

        I suspect Apple were “outraged” because they felt wrongly accused.

        Like

    • icrew says:

      I think the non-consentual sexual violation of 100+ people is entirely worthy of outrage by any reasonable person or company.

      Liked by 3 people

      • Violation? We’re talking about pictures here, not anything physical.
        And could help exposure of some of the lesser known celebrities into the consciousness of people.

        Liked by 1 person

      • icrew says:

        Wouldn’t you feel violated if sexually-explicit pictures of you, or your significant other, or of your child were posted online for millions of people to gawk at? Celebrities are people too, entitled to just as much an expectation of privacy as the rest of us.

        And yes, violation and abuse can most definitely be non-physical. (Can’t believe that I actually have to explain that in this day and age. Sigh.)

        Liked by 2 people

      • @icrew, I think Apple should be outraged, that people pointed fingers at them. Apple should feel violated in this regard.
        Celebrities that show tits on screen is ok, but a naked photo is a massive hype?
        I think the problem is how they use their phones to take such pictures.
        And how are they abused exactly? No-one laid a finger on them.
        They should learn like Paris Hilton, suck it up, accept it for what it is and move on.
        Either that or don’t take such pictures. Not their fault directly of course, but they do play a role in this.
        Especially since they know they’re celebrities, they should take more precautions.
        Far more important things in the world than to see Jennifer Lawrence nipples.

        Like

    • lycius84 says:

      They provided an update on something that was thought to be their problem. I don’t remember or care who’s agent it was that mentioned Apple in this mess and claimed it was from their services. Apple would feel outraged someone would try to hack or abuse their service to steal private info stored at their servers and started to investigate. I can honestly say Apple could care less who the celebrity was. The issue here is, the public has blamed Apple, the pressure was put on them and data was stolen from them.

      No clue why you would want to compare this to the Ukraine & Russia issues.

      Like

  5. icrew says:

    Hopefully this will prompt Apple (and other vendors) to change two-factor-authentication from opt-in to opt-out (with nice big warnings about why opting out is a bad idea…)

    Liked by 2 people

  6. Thank you Tim (pbuh) for your dedication and resolve in proving this wasn’t iCloud.

    Liked by 1 person

  7. hellcatm says:

    apple denies. They denied antenna gate when it first happened, they a lot of things. You know apple is lying when someone who works at apple opens his/her mouth.

    Liked by 1 person

  8. It’s a classical corporate statement: it lies by telling the truth

    They say that some accounts have been compromised but that iCloud or Find My iPhone had not been breached.
    That’s technically true, the system has not been breached becouse the attackers found the password by brute force. But that was possible because Apple forgot to implement a simple security measure like locking accounts after a number of failed tries. That is what made the brute force attack possible.

    They suggest to enable two-step verification but, according to apple support page, two-step verification protects from account information changes and would not have prevented the pics theft.

    This statement is almost an admisssion of being guilty, it would have been veri different if they had been clear of blame

    Liked by 1 person

  9. They replied relatively quick (compared to past incidents)…seems like it’s very critical they try to be as transparent as possible here. They need to ensure iCloud is secure and work endlessly to maintain that security before users lose trust in it. Especially, if they plan on utilizing credit card information for a payment system.

    Liked by 1 person

    • herb02135go says:

      They are weaseling.
      But if the company can’t secure nude photos of b-list actresses, it can’t secure something of real value.

      Kudos to those who exposed the breach.

      Like

      • For your information, it wasn’t iclouds security that caused the breach.

        little more was to blame than sucky passwords, easy-to guess security questions and cameras being on when they shouldn’t.

        Like

      • I don’t know why I’m not able to reply to Computer_Whiz123 so I’ll reply here:

        Yes it was iColud’s security that caused the data theft: if Apple had implemented some limitation on password guesses all of this wouldn’t have happened, and this kind of protection form brute force attacks is quite basic

        Liked by 1 person

      • herb02135go says:

        Apple has some ‘splainin’ to do, as Ricky Ricardo used to say.

        Like

      • bb1111116 says:

        The evidence for a brut force attack is not certain. As stated in a comment on The Verge;
        - “The age of the photos, the filenames, the EXIF, the different services that were used, the different phones evident, what we know about illegal photo trading, etc., all point to standard phishing attacks over a number of years. Nevermind that there’s simply no way for a brute force attack of this nature, over the network, to have anywhere near this sort of success in 2 days.”

        Liked by 1 person

  10. This sounds like an engineer wrote it and a PR intern approved it.

    Liked by 1 person

  11. I don’t know everyone if jumping to Apple’s defence saying they are not at fault here. I’d hope the security hole wasn’t as simple as correctly answering the security questions, which are for the most part one word answers. If this is the case then they significantly reduced the ‘scope of attack’ to common words and names in particular.

    Apple even say it right there in their statement it was an attack on username, passwords and security questions. I suspect perhaps there may have been an unlimited number of attempts to guess answers to security questions.

    Like

  12. optech says:

    One of the important factors (pun intended) here is the fact that Apples 2-factor authentication does not provide proper protection as outlined here: http://arstechnica.com/security/2013/05/icloud-users-take-note-apple-two-step-protection-wont-protect-your-data/ and here: http://www.economitech.com/2014/09/apple2step.html.

    Like

  13. anon says:

    I believe Apple’s claim is false. What means would the hacker have to identify what email address was associated with the “targeted” victims. It could have been anything ranging from jlaw@gmail.com to donthackmebro@somerandomdomain.com.

    Like