Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts
- Thread starter MacRumors
- Start date
- Sort by reaction score
A lot of misinformation, but here is the truth
A number of iCloud accounts were brute-forced through "Find My iPhone" using the iBrute script. Once the iCloud account password was found, the hackers downloaded the device backups from the accounts.
The backups gave the hackers access to all photos (whether on photostream or not). It also gave them access to all text messages, contacts, and notes. With this information they were able to target other celebrities.
Some of the photos were not taken on iPhones, because those pictures were sent by the celebrity to others through text messages/email and ended up on iPhones that were backed up to iCloud.
Some of the photos were from the boyfriend/husband's iCloud account and not the celebrity's. The boyfriend/husband either took the photos or were sent the photos by the celebrity.
(this info came from emails of the hacker that was posted on 4chan)
A number of iCloud accounts were brute-forced through "Find My iPhone" using the iBrute script. Once the iCloud account password was found, the hackers downloaded the device backups from the accounts.
The backups gave the hackers access to all photos (whether on photostream or not). It also gave them access to all text messages, contacts, and notes. With this information they were able to target other celebrities.
Some of the photos were not taken on iPhones, because those pictures were sent by the celebrity to others through text messages/email and ended up on iPhones that were backed up to iCloud.
Some of the photos were from the boyfriend/husband's iCloud account and not the celebrity's. The boyfriend/husband either took the photos or were sent the photos by the celebrity.
(this info came from emails of the hacker that was posted on 4chan)
Don't use a terribly weak password and then get pissed when your data gets compromised. Internet security & common sense 101.
Because the assumption of any clear thinking person is....A person knows where they store sensitive stuff like that..
That may be the truth but simply because that's a hacker's claim doesn't mean squat. The developer of the exploit says he's seen no evidence that his exploit was actually used. Of course, if we had to wait for facts, macrumors would cease to exist.
Different people can find the same security hole at the different times. Is the developer stating that he has seen no evidence that his script have been used or that he has seen no evidence that someone has gaining access through the exploit (which is something he's unable to state)?
The collecting predates the publication of iBrute by at least weeks.
Clear thinking people don't make such stupid assumptions. The pics 1) were taken on a device, 2) by someone else, 3) others had access to the device, 4) they were on her computer, 5) and transmitted to the cloud by wifi, which was not necessarily secure. There are other means as well for someone to grab those pics.
----------
He's just saying no proof yet, which is what others should be waiting for.
It was posted as email screenshots by other hackers who had email conversations with the hacker (before and after the photos were released).
The accounts were allegedly hacked weeks ago, and the photos had been circulating within hacker community for some time before they found their way onto 4chan
It may be completely fabricated, but it is the most plausible explanation I have heard so far. The iBrute and "Find My iPhone" vulnerability are well documented as being real.
How would the developer know? He just wrote a script.
Apple may know when they see an iCloud account has had thousands of failed login attempts.
Seriously, crap like this needs to stop. These people trusted the security of their services because these companies *want* us to trust the security of their services. They are victims and should not be blamed.
I am as big an Apple fan as anyone but if the hackers used brute force to get into these accounts then they should be shamed and they need to make changes, fast. For their sake I hope that it wasn't just iCloud because that's a very dark cloud going into next week's keynote.
There's plenty of blame to go around but to pretend like these people are blameless is foolish. Fact is this wouldn't have happened if they used a secure password.
Using a weak password to secure your data in this day and age is like playing with matches and gasoline. Don't be surprised when you get burned.
Ok - so you do want to blame the victim.
Poor analogy. Playing with fire and gasoline is causing harm to yourself. Perhaps you should look at this as someone pouring gasoline on you and lighting a match just because you happened to walk by without wearing flame retardant suit.
Whatever. You want to pretend like the people have no blame whatsoever and that's just not true. Playing with fire and gasoline is causing harm to yourself, yes. So is using a weak password to secure personal data. Data breaches are all over the news almost daily. If people still can't learn to use a secure password then, yes, they are partly to blame. Or is personal responsibility just a thing of the past?
Hopefully the best thing to come out of this breach is that it will wake the masses up and they'll realize they should start using real secure passwords if they care about the integrity and security of their data.
Except in this case they pretty much left the door unlocked.
And yet, the photos did not originate on 4chan rather a celebrity photo trading site (AnonIB) where the photos were collected over long periods of time from several sources.
But lets not let facts get in our way.
Don't try to back track now just because their is evidence pointing at Apple being at fault.
Let's see Kirsten Dunst has clearly blamed iCloud, Apple is known to have released a security patch over the American holiday weekend, which fixes the hole these hackers claim they breached, yet people on here STILL refuse to see this as anything Apple has done, or that the photos came from iCloud accounts.
Right..
Trespassing is still a crime.
And nothing is completely secure. So no matter what happens in the future - even with passwords being uber creative and 'secure" - there will always be victims.
I don't believe blaming victims is the right 'angle" here. Especially since they were completely exploited. And in hopes of making money off of their private documents.
This is not just a security issue. Go read this blog entry to better understand why you shouldn't be blaming the victim.
http://www.dailylife.com.au/news-an...otos-of-jennifer-lawrence-20140901-3eo6s.html
So one of the victims of the attack blaming Apples service is not 'factual' enough for you now? What is, Tim Cook stating it?
So one of the victims of the attack blaming Apples service is not 'factual' enough for you now? What is, Tim Cook stating it?
Did you run into a door or something? No, the victim of a photo grab, who has no idea how the photos actually were obtained, blaming the deepest pocket in the room, is not factually enough for me. YMMV.