Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Sep 1, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Apple is investigating an alleged breach of several celebrity iCloud accounts that may have allowed hackers to access the private photos and videos of multiple well-known actresses, according to a statement an Apple spokesperson gave to Re/code.
    Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.

    Security researchers have postulated that weak passwords and a lack of two-factor authentication may have led to the breach if iCloud is the source of the leaked images, and it's also possible that a Python script shared on Github a few days ago may have allowed hackers to exploit a vulnerability in Find My iPhone.

    As described by The Next Web, the tool allowed hackers to repeatedly guess passwords without being locked out of an iCloud/Apple ID account, brute forcing their way into accounts. Though it is unclear if the tool was responsible for any hacked celebrity accounts, Apple did fix the vulnerability earlier today. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

    Multiple security researchers have suggested that any iCloud attacks may have been preventable with two-factor authentication, which Apple first introduced in March of 2013. The two-step verification system adds an additional layer of protection for Apple accounts, requiring both a security code and a "trusted" device to log into an account, in addition to a password.

    Article Link: Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts
     
  2. macrumors 65816

    impulse462

    Joined:
    Jun 3, 2009
    Location:
    SF Bay Area
    #2
    I love some people were so mad about the NSA violating privacy, but are praising some random guy who pretty much did exactly what the NSA does.

    Anyway, I feel bad for the celebs, but typical 4chan.
     
  3. macrumors 6502a

    Dekema2

    Joined:
    Jul 27, 2012
    Location:
    WNY
    #3
    So now it's confirmed. On reddit all I've seeing is that iCloud was "speculated" to have been the source.
     
  4. Sonmi451, Sep 1, 2014
    Last edited: Sep 1, 2014

    macrumors 6502a

    Joined:
    Aug 28, 2014
    Location:
    in my Tesla Model S
    #4
    edit: starting to doubt this is iCloud hack. Lots of evidence pointing in other directions. We'll see what happens...
     
  5. macrumors newbie

    Joined:
    Jan 21, 2014
  6. macrumors regular

    Joined:
    Jun 6, 2013
    #6
    thus why the cloud should die for personal use
     
  7. 3bs
    macrumors 603

    3bs

    Joined:
    May 20, 2011
    Location:
    Dublin, Ireland
    #7
    No it's not confirmed yet. I don't know why MR hasn't mentioned it but on The Verge they have mentioned it's not confirmed yet.
     

    Attached Files:

  8. macrumors 6502a

    Joined:
    Sep 25, 2007
    #8
    Sad that this occurred. If it did come from iCloud, Apple is probably going to face some pretty steep fines/lawsuits regardless of the password strength.
     
  9. macrumors 65816

    Joined:
    Feb 4, 2011
    #9
    Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

    I'm sure some of them will be happy they get some mention in the news nowadays.
     
  10. cdmoore74, Sep 1, 2014
    Last edited: Sep 1, 2014

    macrumors 68000

    Joined:
    Jun 24, 2010
    #10
    Earlier today in Cupertino:

    Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

    Phil – Talk bad about Android fragmentation as we always do!

    Tim – You’re right! Android distribution numbers are always a classless punchline during our keynotes.

    Phil – Lets have Craig do it. We can throw in a joke about his hair.

    Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.
     
  11. macrumors 6502a

    Joined:
    Aug 28, 2014
    Location:
    in my Tesla Model S
    #11
    That's a pretty big vulnerability they left open. I wonder if Apple will now force people to use 2 step authentication. As annoying as it is, it works.
     
  12. macrumors 604

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Germany
    #12
    lord knows how many people dont actually know what they r doing and had no idea it was going to upload every pic to the cloud using the photostream feature lol
     
  13. macrumors newbie

    Mr.Skynet

    Joined:
    Mar 3, 2014
    #13
    The internet is referring to the incident as "The Fappening". Be sure to tell your grandkids.. You were there.
     
  14. macrumors 6502a

    Xenc

    Joined:
    May 8, 2010
    Location:
    London, England
    #14
    Apparently some photos were "deleted a long time ago". The were probably taken from Photostream, if iCloud was the source.
     
  15. macrumors 6502a

    Joined:
    Aug 28, 2014
    Location:
    in my Tesla Model S
    #15
    While not confirmed, the statement from Apple PR doesn't sound great. They should know by now if they were at fault.
     
  16. Editor

    jclo

    Staff Member

    Joined:
    Dec 7, 2012
    Location:
    California
    #16
    It's still not clear if iCloud was the only source, but it certainly looks like at least a portion of the photos were obtained that way.
     
  17. macrumors member

    Joined:
    Sep 17, 2007
    Location:
    Woodside, CA
    #17
    Is anyone else having trouble logging into the iCloud website today?

    My account was working fine until this morning, but now I get "Set up iCloud on a device to use iCloud.com. Your Apple ID must be used to set up iCloud on an iOS or OS X device before you can use iCloud.com"

    But my account has been in use on both my iPhone and Mac for ages.

    Anyone else or just me?
     
  18. macrumors 68000

    Joined:
    Jun 24, 2010
    #18
    Took you long enough to post MacRumors. This has been reported by over 50% of the tech websites hours ago.
    I guess unconfirmed Apple news from unconfirmed sources are more important to post before something that actually happened.
     
  19. macrumors 6502a

    Xenc

    Joined:
    May 8, 2010
    Location:
    London, England
    #19
    iCloud works fine for me in the UK. I don't have Photostream enabled.
     
  20. 3bs
    macrumors 603

    3bs

    Joined:
    May 20, 2011
    Location:
    Dublin, Ireland
    #20
    I guess it's better that they acknowledge it and say they're working on it than completely ignore it and risk their customers thinking they don't value their privacy/security.
     
  21. Editor

    jclo

    Staff Member

    Joined:
    Dec 7, 2012
    Location:
    California
    #21
    There's no indication at all that the Github tool was used to access the photos (as mentioned in the post), but there's a lot of speculation leaning that way given the timing of Apple's patch.

    I've also seen theories that these photos were collected over a very long period of time. Even if the Find My iPhone exploit wasn't used to gather the photos, it looks like some of them did come from hackers getting access to iCloud accounts (likely through phishing scams).
     
  22. macrumors 6502a

    Joined:
    Aug 28, 2014
    Location:
    in my Tesla Model S
    #22
    I think you just want to criticize Apple and/or Macrumors. Kind of a waste of time if you ask me, but hey don't let me tell you what to do.
     
  23. macrumors 6502a

    Xenc

    Joined:
    May 8, 2010
    Location:
    London, England
    #23
    Legal team are probably hard at work on what the public response, if any, will be.
     
  24. macrumors regular

    Joined:
    Feb 18, 2009
    #24
    If Apple didn't have a brute-force protection, it is not celebs' fault. We should wait and see...
     
  25. macrumors 6502

    SgtPepper12

    Joined:
    Feb 1, 2011
    Location:
    Germany
    #25
    I don't get why people are defending Apple on this one. You sound like you work for Apple's PR. At this point it is absolutely obvious that it's Apple's fault. They left their platform wide open for attacks like that.
     

Share This Page