No iCloud breach, says Apple

Cupertino says celebrity accounts hacked in targeted attacks; suggests strong passwords for all

Tags: Apple IncorporatedCyber crimePrivacyUSA
  • E-Mail
No iCloud breach, says Apple Apple denies a breach of any of its services. (Getty Images)
By  Stephen McBride Published  September 3, 2014

Apple Inc has tried to distance itself and its iCloud from blame in the theft of personal photos belonging to over 100 female celebrities.

PROTECT YOURSELF: Passwords to avoid

The iPhone maker released a statement in which it denied any breach of any of its services, including iCloud and Find My iPhone.

Hunger Games actress Jennifer Lawrence, singer Rihanna, and reality TV star Kim Kardashian were among the high-profile victims of the theft, the spoils of which appeared on rogue bulletin-board site 4chan. Apple launched an instant investigation and yesterday announced its findings.

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," it said in a statement.

"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved."

PROTECT YOURSELF: Passwords to avoid

The ICT security community has espoused a number of theories as to how the data was exfiltrated, including social engineering, and lucky guesswork on the passwords. While Apple denies a breach of the Find My iPhone service, the Financial Times cited security researchers who said that prior to a weekend update, Apple allowed an unlimited number of guesses of passwords on the service, which would have left accounts vulnerable to brute force attacks.

Apple, which launches its next generation of iPhones next week, recommended users of its cloud services use strong passwords and sign up for two-factor authentication (2FA).

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code