A YouGov survey of more than 1,000 American consumers commissioned by security company Tresorit found that just over a third of them have taken steps to beef up their online security in response to the iCloud hacks.
The most common response was to change passwords for stronger ones, with 13 percent creating different passwords for each online service and 6 percent enabling two-step verification …
The celebrity nudes obtained from iCloud appear to have been accessed through conventional attacks rather than anything iCloud-specific; an Apple statement confirmed our own theory that a combination of phishing and security questions was used.
Metadata analysis suggests that the hackers were able to obtain complete backups of the iPhones targeted. A criminal investigation into the leaked photos is being led by the FBI.
Apple has promised a number of security improvements in response to the hacks, including push notifications when someone tries to change a password or restore from iCloud to a new device, or logs in to iCloud from an unknown device. It will also be “aggressively encouraging” use of two-factor authentication, which will be extended to cover accessing iCloud from a mobile device.
How about an option for “I’ve done nothing because everything on the list was already being done” so we could gain some insight into that 65% no response.
That would be useful, but I suspect that would be a pretty small proportion of that 65% – and a strong overlap with 9to5Mac readers …
Also, 30% of 1000 people is hardly an indicator of the entire nation. Especially given the context. I don’t expect any material difference in the effectiveness of similar password attacks in the near future without additional measures implemented directly by the service providers.
Do you happen to have a source for this study where I can look at the original results?
It’s not online as far as I know – what we reported is what we have
Here would be some good improvements to the security. 1. Encrypt the data on iCloud. 2. Only allow the data to be downloaded to an authorized device, and to become an authorized device you need to sign in with your email and password or, if you want to take it a step further, send a code to other authorized devices that needs to be typed in to download the data. 4. Require all passwords to be reset as well as security questions, and make those questions a little more difficult so someone can’t just guess them. 5. Send an alert to other authorized devices if a failed attempt has been made to sign into the iCloud account, not just if someone was successful. Some people may find some of these a pain, but if this incident has taught us anything it should be that sometimes drastic measures are needed for your data to be secure.
I don’t think it’s appropriate to call it “iCloud hacks” at all.
I’d be surprised if even half the content leaked came via iCloud.
I agree. It would be good to stop repeating what other people are saying when they don’t know what they’re talking about.
Apple has confirmed iCloud was at least a significant source, and I think Cook would have been keen to point out if it was the source for only a minority of the photos: http://9to5mac.com/2014/09/04/tim-cook-addresses-icloud-photos-hacking-says-major-security-improvements-coming-soon/
They’re taking the high road. If in doubt, grab a large set of the leaked content yourself and start looking. I did.
Post an analysis? Would be interesting to see.
But there is no evidence to show that iCloud was/has been hacked. Some people are victims of phishing schemes and insecure passwords:
It’s the term “Hacked” that I take issue with. iCloud was not hacked. “…online security since the iCloud Social Engineering leaks took place.” would be a less click-bait-y headline that more accurately depicts what happened.
Using the term “Hack” in the public space makes people think they fell victim to an attack they couldn’t prevent, because “OMG l337 h4x0rs.” Call it what it is and raise awareness so that people go “Oh! Social engineering? What’s that?” and become more informed.
I get that this is a ‘business,’ but you’re journalists. You should be held to a higher standard.
Hack (n): gain unauthorized access to data in a system or computer.
Ben, technically, it was “authorized” access because iCloud did not supply or leak the passwords- they were inputted correctly. Unless iCloud can read minds, it has no way of knowing that the real user wasn’t the one inputting the correct password. It wasn’t a “hack”.
That’s an interesting interpretation of authorized, but not one I’d share.
Whether the method used was phishing or exploiting weak security questions, these were hacks
I modified my social media privacy settings about two years ago. It’s called deleting my accounts and EMAILING, CALLING, and VISITING the people I love. I somehow feel more social…
Good for them… My password is like 16+ characters. I’m good…
I hope you meant “passwords are” – plural :)
Ya.
In other news, 35% of the population has nude selfies on their phones.
What a misleading headline and conclusion. The people who would take the effort and energy to respond to such a survey are much more likely to be the type of people who would be more aware of security, and would take action to improve this. It’s not an objective sample size in the least. 35% seems insanely high.
This is a panel survey …
I did nothing. My nuddie pics are the stuff of bad dreams, so nobody wants them.
how about “I’m not a celebrity so I got nothing to worry about” lol