When the celebrity nudes story broke back in 2014, it was headline news in the mainstream media. The story was that ‘iCloud had been hacked.’ The truth, of course, was a little different. As we suspected at the time, and Apple later confirmed, the ‘hack’ wasn’t really any such thing. A combination of two techniques were used to gain access to the iCloud accounts.
First, phishing: sending emails designed to look like they were from Apple asking the celebrities to login to their accounts, and directing them to a fake website made to look like the real thing. Second, guessing the answers to security questions – something easier to do with celebrities given the amount of biographical information available in the public domain.
That’s not to say Apple was entirely blameless. iCloud did not, at the time, offer two-factor authentication. Given that an iCloud backup is a near-complete copy of all the data stored on an iPhone, that was something which should have been included from the start. But the bottom-line is that iCloud itself wasn’t really hacked in any meaningful sense of the word.
It was this week confirmed that phishing was the approach taken by the main offender in this case. In other words, nothing whatsoever to do with iCloud security. This news hasn’t resulted in a single headline in the mainstream media. The average non-tech person out there still believes ‘iCloud was hacked’ …