Apple says iCloud wasn’t breached in superstar photograph leak
It wasn’t lengthy in any respect after private and specific photographs of some one hundred celebrities began making the rounds when individuals began attributing the leak to a breach of Apple’s iCloud storage system. After an almost two day lengthy investigation, Apple has launched a press release to attempt to clear issues up — to listen to the parents in Cupertino inform it, the incident was a “very focused assault on consumer names, passwords and safety questions” during which some superstar accounts have been “compromised” and that none of its methods have been breached within the course of. In different phrases, we might not be taking a look at a savvy hack exploiting a Discover my iPhone safety flaw a lot as some very devoted account brute-forcing and phishing. In fact, that is to not say that the photographs in query (nicely, those that weren’t taken with Android units anyway) did not come from iCloud, simply that hackers apparently did not instantly crack the sanctity of Apple’s providers.
The precise vector of entry stays unknown proper now, however AnonIB, one of many 4chan-esque imageboards that seems to be concerned within the proliferation of this mess, appears to haven’t any scarcity of people that have been prepared and prepared to “rip” iCloud accounts in change for the correct kind of loot. In fact, one has to marvel concerning the position semantics performs in all this — whereas Apple’s techniques might not have been technically “breached”, they could nonetheless have been cajoled into giving up consumer credentials with instruments just like the now defunct ibrute. In any case, you’ll be able to take a look at the complete assertion after the bounce for your self.
We needed to offer an replace to our investigation into the theft of pictures of sure celebrities. Once we discovered of the theft, we have been outraged and instantly mobilized Apple’s engineers to find the supply. Our clients’ privateness and safety are of utmost significance to us. After greater than forty hours of investigation, we now have found that sure superstar accounts have been compromised by a really focused assault on consumer names, passwords and safety questions, a apply that has turn into all too widespread on the Web. Not one of the instances we now have investigated has resulted from any breach in any of Apple’s techniques together with iCloud® or Discover my iPhone. We’re persevering with to work with regulation enforcement to assist determine the criminals concerned.
To guard towards this sort of assault, we advise all customers to all the time use a stong password and allow two-step verification. Each of those are addressed on our web site at http://help.apple.com/kb/ht4232.