Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

[69650]

I've seen the Jennifer Lawrence pictures and there was absolutely no video involving dogs or anything else.

----------

I agree that users should know better than to upload personal pictures like this to the cloud. The only way to keep it safe is to keep it offline. Having said that I can see why people are pissed at Apple. Spend top dollar on an iPhone and you should expect better security than this.

 

[greenmeanie]

They best way not to have Naked Pictures of yourselves Online is not to take them at all. If you want to play whore then anything can happen.

Wow this thread is the stuff of legends. Every know it all on both sides is posting and beating their chests and its beyond comical. Here's the only FACTS of the case (anyone claiming to know otherwise is clueless)

1) celebrities were hacked
2) it may or may not have been through icloud

That's it. People need to stop as if they've solved the mystery when the FBI themselves are still investigating. Now to address some of the other crap in this thread:

1) NO, it is not the victim's fault. I can't believe people are even suggesting that. These pictures are private and if apple (or any cloud service provider: was brute forced, it is their fault 100%. It boggles my mind that brute forcing is even a viable option anymore. Too many ways to prevent such a thing

2) sorry, people kirsten dunst posting "thanks icloud" with an emoji of pizza and a turd with a sad face is not proof that it is Apples fault. This thread is fodder for every troll that posts here and they're talking full advantage of it. While it is seeming more and more likely that apples poor security is involved, kirsten dunsts tweet should not be offered up as proof nor is she sure how she got hacked either. I understand you guys want to jump at every opportunity to bash apple, because that's what you do, but at least try harder to present a coherent argument.

3) If it's not just icloud that was hacked I expect all you apple bashers to be posting about how poorly the other sites were secured too. Won't hold my breath because that's not part of your agenda.

Seriously, I don't know what's worse, the people blaming the victim's or the people jumping up and down screaming take that apple with zero evidence that it was (or was only) apple that was compromised.

 

[apolloa]

Wow this thread is the stuff of legends. Every know it all on both sides is posting and beating their chests and its beyond comical. Here's the only FACTS of the case (anyone claiming to know otherwise is clueless)

1) celebrities were hacked
2) it may or may not have been through icloud

That's it. People need to stop as if they've solved the mystery when the FBI themselves are still investigating. Now to address some of the other crap in this thread:

1) NO, it is not the victim's fault. I can't believe people are even suggesting that. These pictures are private and if apple (or any cloud service provider: was brute forced, it is their fault 100%. It boggles my mind that brute forcing is even a viable option anymore. Too many ways to prevent such a thing

2) sorry, people kirsten dunst posting "thanks icloud" with an emoji of pizza and a turd with a sad face is not proof that it is Apples fault. This thread is fodder for every troll that posts here and they're talking full advantage of it. While it is seeming more and more likely that apples poor security is involved, kirsten dunsts tweet should not be offered up as proof nor is she sure how she got hacked either. I understand you guys want to jump at every opportunity to bash apple, because that's what you do, but at least try harder to present a coherent argument.

3) If it's not just icloud that was hacked I expect all you apple bashers to be posting about how poorly the other sites were secured too. Won't hold my breath because that's not part of your agenda.

Seriously, I don't know what's worse, the people blaming the victim's or the people jumping up and down screaming take that apple with zero evidence that it was (or was only) apple that was compromised.

Not bashing Apple at all, just requesting a person stating as fact Kirsten Dunst does not know where she keeps her nude photos to enlighten us all to where she DOES keep them.
Also you too seem to want to chose to ignore the facts she has blamed iCloud, so perhaps you too would like to tell everyone where she keeps those photos, or are you going to claim someone hacked her home WiFi? And even then how do we know when these photos were taken, she must have been very certain they were in the iCloud and no where else for her to have blamed that service, I think she knows better than ANYONE on here about that.
As for all the other evidence that seems to have arisen, claiming this was a known security hole amongst the community that Apple only patched at the SAME TIME this story broke out. Are you going to tell me that is coincidence?

Even though you yourself in the same breath are accusing some of us as Apple bashing, that Kirsten Dunst tweeting she blames the iCloud service is NO evidence, and then you yourself claim the evidence is more and more pointing towards Apple.

So which is it? Is Apple at fault or not? And the reason this is Apples fault is that the evidence points towards a very easy hack being used to exploit a very obvious security hole, IF that's IF that is true then this IS Apples fault, and also it makes me think what else has been stolen...

 

[nooaah]

I've seen the Jennifer Lawrence pictures and there was absolutely no video involving dogs or anything else.

----------

I agree that users should know better than to upload personal pictures like this to the cloud. The only way to keep it safe is to keep it offline. Having said that I can see why people are pissed at Apple. Spend top dollar on an iPhone and you should expect better security than this.

Next time I leave a spare key under my doormat and someone uses it to rob my house, I'm sure you'll go ahead and blame the lock.

 

[samcraig]

They best way not to have Naked Pictures of yourselves Online is not to take them at all. If you want to play whore then anything can happen.

This is a disgusting attitude in my opinion.

 

[Trapezoid]

Not bashing Apple at all, just requesting a person stating as fact Kirsten Dunst does not know where she keeps her nude photos to enlighten us all to where she DOES keep them.
Also you too seem to want to chose to ignore the facts she has blamed iCloud, so perhaps you too would like to tell everyone where she keeps those photos, or are you going to claim someone hacked her home WiFi? And even then how do we know when these photos were taken, she must have been very certain they were in the iCloud and no where else for her to have blamed that service, I think she knows better than ANYONE on here about that.
As for all the other evidence that seems to have arisen, claiming this was a known security hole amongst the community that Apple only patched at the SAME TIME this story broke out. Are you going to tell me that is coincidence?

Even though you yourself in the same breath are accusing some of us as Apple bashing, that Kirsten Dunst tweeting she blames the iCloud service is NO evidence, and then you yourself claim the evidence is more and more pointing towards Apple.

So which is it? Is Apple at fault or not? And the reason this is Apples fault is that the evidence points towards a very easy hack being used to exploit a very obvious security hole, IF that's IF that is true then this IS Apples fault, and also it makes me think what else has been stolen...

I wait for the facts....and it appears you should have too. Another thread has popped up showing that the cause for the hack was not some security hole in icloud or find my iphone. But rather easy to guess passwords and security questions. No brute force required no real "hacking"necessary.

That's still not to say that its the victim's fault, because it's not. But maybe next time you'll wait for facts before getting the pitchfork out? (Maybe kirsten will too)

 

[tdmac]

Wow this thread is the stuff of legends. Every know it all on both sides is posting and beating their chests and its beyond comical. Here's the only FACTS of the case (anyone claiming to know otherwise is clueless)

1) celebrities were hacked
2) it may or may not have been through icloud

That's it. People need to stop as if they've solved the mystery when the FBI themselves are still investigating. Now to address some of the other crap in this thread:

1) NO, it is not the victim's fault. I can't believe people are even suggesting that. These pictures are private and if apple (or any cloud service provider: was brute forced, it is their fault 100%. It boggles my mind that brute forcing is even a viable option anymore. Too many ways to prevent such a thing

2) sorry, people kirsten dunst posting "thanks icloud" with an emoji of pizza and a turd with a sad face is not proof that it is Apples fault. This thread is fodder for every troll that posts here and they're talking full advantage of it. While it is seeming more and more likely that apples poor security is involved, kirsten dunsts tweet should not be offered up as proof nor is she sure how she got hacked either. I understand you guys want to jump at every opportunity to bash apple, because that's what you do, but at least try harder to present a coherent argument.

3) If it's not just icloud that was hacked I expect all you apple bashers to be posting about how poorly the other sites were secured too. Won't hold my breath because that's not part of your agenda.

Seriously, I don't know what's worse, the people blaming the victim's or the people jumping up and down screaming take that apple with zero evidence that it was (or was only) apple that was compromised.

As an addition, its entirely possible that those affected celebrities, use the same passwords across all or most of their sites. Thus, password info could have been obtained from another site or sites with vulnerabilities. Hackers then use those same credentials to access iCloud. If in fact the only source of those pics was in iCloud.

 

[Trapezoid]

As an addition, its entirely possible that those affected celebrities, use the same passwords across all or most of their sites. Thus, password info could have been obtained from another site or sites with vulnerabilities. Hackers then use those same credentials to access iCloud. If in fact the only source of those pics was in iCloud.

Another excellent point. And as the other thread shows, weak passwords were the cause and not some security breach. I'm relieved because if a company like apple didn't have a safeguard in place for brute forcing, they might as well have packed it up. That's amateur stuff, there.

 

[rish]

Wow. I really mean it, wow. I'm finding hard to read a post that is objective and clear on this forum. Moving out.

 

[Fenez]

Apple has confirmed that it was a security breach of icloud...now its confirmed.. But it was targeted at celebrities.

 

[Trapezoid]

Apple has confirmed that it was a security breach of icloud...now its confirmed..

If by that you mean apple has confirmed it WASNT a security breach of icloud, you're correct.

 

[Intelligent]

https://www.macrumors.com/2014/09/02/apple-no-celebrity-icloud-breach/

See?
Its NOT Apples fault!

 

[zioxide]

Ok. But my objection is laying blame on victims of a crime. Wouldn't it be far better/productive and human to come from a position of defense for those wronged. There are those on this thread and elsewhere on the net that are saying it's their fault. They deserve it. Not ONE of them deserves it. I agree that better educating everyone on the importance of password security is important.

I personally think that because these are celebrities, some people seem to think they "deserve" it even more. It's not their fault. They don't deserve what happened. I hope I'm being clear.

Nobody is blameless. Like I said in my post you replied to, I completely agree that nobody deserves this to happen.

But at the same time, people need to have some personal responsibility. You can't expect th

Again, thank Apple for that. Do you really think that normal users (and that includes celebrities) have any clue about password security? Why should a user be allowed to use one of the 500 most used password for iCloud? Why should Apple allow user to use simple passwords?

BTW, this critique also extends to other companies like Google, Dropbox, Yahoo, etc.

Totally agreed. Nearly every place where you use a password on the web fails when it comes to requiring secure passwords. Only recently in the last couple years do we see more places requiring real secure passwords. Maybe this will finally be the incident to wake people up and make them realize they should start taking cybersecurity more seriously. Doubt it, though.

But Apple is selling its products based on lines like "It just works" etc, and fails to probably educated their customers.

The customers also failed to educate themselves. It's not Apple's responsibility to educate their customers on how to make a secure password. People still need some personal responsibility.

 

[aPple nErd]

what you're saying is technically true.
legally true.
But i believe implementing something great goes beyond 'legally true' to doing it the right way.

i dont think 99% of people read the full terms. I'd wager that even you dont.

and you are right. i dont. and if i did end up with issues, i'd be responsible about it and blame myself because it would be my fault.

 

[rei101]

or people could just not upload personal stuff to the cloud... its really not that hard to understand.

Well... Cameron Diaz even came up with the SEX TAPE movie!!!!

Literally... what else do you want??? The Lord can not be more explicit!!!

 

[kerrikins]

They best way not to have Naked Pictures of yourselves Online is not to take them at all. If you want to play whore then anything can happen.

Taking naked pictures of yourself is not 'playing whore'. Many actresses are in long distance relationships and on top of that this is *increasingly* common among people from all walks of life. People have been taking naked pictures of themselves as long as they have had the ability to, and this will continue into the future. Stop being a judgmental prude.

Another excellent point. And as the other thread shows, weak passwords were the cause and not some security breach. I'm relieved because if a company like apple didn't have a safeguard in place for brute forcing, they might as well have packed it up. That's amateur stuff, there.

I hate to rain on your parade, but I see nothing that says that brute force was not in fact used. :/ In fact Apple's wording seems to skirt the issue rather neatly by just saying that 'weak passwords' were involved and not addressing how the hackers discovered these passwords to begin with.

 

[Trapezoid]

I hate to rain on your parade, but I see nothing that says that brute force was not in fact used. :/ In fact Apple's wording seems to skirt the issue rather neatly by just saying that 'weak passwords' were involved and not addressing how the hackers discovered these passwords to begin with.

The security hole they patched was one that allowed brute force. They said that hole was not exploited in this hack. Not sure what else you need?

 

[kerrikins]

The security hole they patched was one that allowed brute force. They said that hole was not exploited in this hack. Not sure what else you need?

Are you taking the statement where they say that Find My iPhone & iCloud weren't "breached" as proof of that? I haven't seen anything that says that brute force wasn't used. In fact, this seems to actually confirm that that's what it was:

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.

I just don't know what else a 'targeted attack' could be.

 

[Trapezoid]

Are you taking the statement where they say that Find My iPhone & iCloud weren't "breached" as proof of that? I haven't seen anything that says that brute force wasn't used. In fact, this seems to actually confirm that that's what it was:



I just don't know what else a 'targeted attack' could be.

A targeted attack, at least what I understood it in this context, is that these specific celebrities were targeted. That's all it's saying. Again, the hole that they patched was NOT exploited in this hack. The hole existed in Find my iPhone. They said it was not a breach of find my iPhone. It's there in black and white.

The only other thing that it could be is Apple is blatantly lying. I somehow doubt it.

 

[greenmeanie]

No Disgusting is taking NUDEs of yourselves.

This is a disgusting attitude in my opinion.

----------

Well then file that under TOUGH LUCK when your PICS are shared.
You do realize the ADMINS of that server can see your NUDE disgusting pics right?
I see no reason why someone needs to share a PIC of them shaving their BUTT Hair.

Taking naked pictures of yourself is not 'playing whore'. Many actresses are in long distance relationships and on top of that this is *increasingly* common among people from all walks of life. People have been taking naked pictures of themselves as long as they have had the ability to, and this will continue into the future. Stop being a judgmental prude.




I hate to rain on your parade, but I see nothing that says that brute force was not in fact used. :/ In fact Apple's wording seems to skirt the issue rather neatly by just saying that 'weak passwords' were involved and not addressing how the hackers discovered these passwords to begin with.

 

[kerrikins]

No Disgusting is taking NUDEs of yourselves.




----------

Well then file that under TOUGH LUCK when your PICS are shared.
You do realize the ADMINS of that server can see your NUDE disgusting pics right?
I see no reason why someone needs to share a PIC of them shaving their BUTT Hair.

If you find the naked human body disgusting then you have some growing up to do and that's all I have to say on the matter.

A targeted attack, at least what I understood it in this context, is that these specific celebrities were targeted. That's all it's saying. Again, the hole that they patched was NOT exploited in this hack. The hole existed in Find my iPhone. They said it was not a breach of find my iPhone. It's there in black and white.

The only other thing that it could be is Apple is blatantly lying. I somehow doubt it.

Hm, I see what you're saying. I guess I just find it a bit too open for interpretation but hopefully you are right.

 

[iososx]

It's actually legal in a number of US states...

I wouldn't have a clue. But the fact that you've made the statement indicates you know the laws much better than I do.

Yet it does beg the question, just how do you know this?

 

[Sonmi451]

I see that the truth sucks for you. Every article I've read so far has the finger pointing at Apple and iCloud. Theverge.com must be this one big troll party for you I guess.

I hope you don't run a news room. You'd be printing mad retractions right now.

 

[Sdashiki]

Over 500 posts and I would guess myself that over 2/3 of the people who commented never even saw any of the photos.

I have...and let me tell you...some are ambiguous, some are definitely not.

Jennifer Lawrence...yikes, I feel so bad for you allowing someone to take photos of you like that. And Im not saying "taking naked photos is whorish or stupid" but when you straight up make HARDCORE (if youve seen them, you know what I mean) sexting part of your repertoire with your significant other you ought to take a little more care about where they end up.

Playing dumb with how your tech works is no excuse. Come on. Its some NASTY shizz in some of these photos and as the shutter went click the person in the photo didnt go "Hey, where is this gonna end up?"

 

[gnasher729]

As an addition, its entirely possible that those affected celebrities, use the same passwords across all or most of their sites. Thus, password info could have been obtained from another site or sites with vulnerabilities. Hackers then use those same credentials to access iCloud. If in fact the only source of those pics was in iCloud.

Using the same passwords in multiple places should be no problem. If it wasn't for websites who don't have a clue how to keep customer's passwords safe, it wouldn't be a problem. (Obviously you could have a website specifically set up to harvest people's passwords).

I think the real problem here is websites requiring passwords when there is absolutely no need for it. Why on earth would I need a password to order stuff from some company? That's total madness. The most idiotic one was a company giving quotes for car insurance that "needed" a password. The next year they asked for the password, which I had never written down, so they wouldn't give me a quote, which means they lost my business forever.

And annoying things like eBay (or was it PayPal) not telling us _exactly_ what information has been stolen from them. It's like printing "may contain nuts" on every single food item which doesn't help people with nut allergies but prevents them from eating anything.


----------

No. She does NOT know how those photos were grabbed. She knows they originated on some device, and she knows they were stored on iCloud. She assumes they weren't grabbed from her phone. She ignores the possibilities that they were grabbed by someone else with access to the original device or the computer they originally were on. She ignores the possibility that they were intercepted on the way to iCloud. She dismisses all the other possibilities. Better put some ice on that injury before it gets worse.

According to an article on theregister, they assume that all these photos have been collected over a long time and some swine released them now simultaneously. They also assume that some people's private data including photos was stolen with the help of "friends". So it's not impossible that a brother / sister / boyfriend / ex-boyfriend / assistant / ex-assistant / ex-boyfriend of assistant etc. had a helpful hand in all this.