Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach

MacRumors

macrumors bot
Original poster
Apr 12, 2001
50,010
11,280



A breach of Apple's iCloud and Find My iPhone service was not involved in the recent hacking incident that saw the private photos and videos of several celebrities leaked onto the Internet, according to a press release just issued by Apple.

Instead, celebrity iCloud accounts were compromised by a targeted attack on user names, passwords, and security questions.
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material, which quickly led to accusations of a flaw in iCloud as the reason for the leak.

Apple announced plans to launch an investigation into the matter on Monday, after a tool surfaced on Github that could have potentially allowed hackers to brute force their way into accounts via a security flaw in Find My iPhone. Though this tool allowed for multiple attempts to enter a password without being locked out of an account, it appears that it was not a factor in the recent hacking of celebrity accounts due to Apple's statement that Find My iPhone was not involved.

Apple suggests that all iCloud/Apple ID users should have a strong password and enable two-step verification to avoid similar hacking attempts.

Article Link: Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach
 

TheKrs1

macrumors 6502
Apr 11, 2010
348
84
I highly doubt that they would lie about this. It does make me feel better about my personal, less at risk, privacy.
 

nfl46

macrumors 604
Oct 5, 2008
7,287
5,502
I'm not surprised. Most of us, who aren't celebrities, care more about security than celebrities do. I bet they had easy passwords, and most of their security questions answers could be found on Google.
 

maflynn

Moderator
Staff member
May 3, 2009
67,065
34,150
Boston
Sad that too many folks rely on simple passwords, regardless of their position in life.
 

SMIDG3T

Suspended
Apr 29, 2012
3,859
2,316
England
Serves them right having such a weak password.

I bet "password" or "abc123" were used.

What do you expect "celebrities"? I knew iCloud was stronger than that.
 

neuropsychguy

macrumors 65816
Sep 29, 2008
1,346
2,073
What!? My password oscar4me wasn't good enough?

/I know a lot of very intelligent people who use simple passwords and I'm not blaming the victims but we need a strong campaign educating people about what are and are not good passwords. Apple's work with suggested passwords is a great start (if only people will use it).
 
Last edited:

gotluck

macrumors 603
Dec 8, 2011
5,669
1,070
East Central Florida
if it was a breach (brute force), would apple actually admit it?

wouldn't a third party have to prove it was a breach for apple to admit it?

the same would hold true for any company, not just apple

why would any company take the heat if they didn't have to?
 

grimmace

macrumors regular
Feb 9, 2003
231
68
Boston
Why would a celebrity even have nude photos on their device? I guess they just like to take photos of themselves. (stup).
 

Doctor Q

Administrator
Staff member
Sep 19, 2002
38,267
4,686
Los Angeles
Now all the fun is spoiled. So many media outlets get attention by Apple-bashing without waiting for the facts.

I wonder how many of them will post retractions as prominent as their accusations?
 

Analog Kid

macrumors 603
Mar 4, 2003
5,476
3,856
The key phrase here for me is "and security questions". Most of those questions are biographical, and most celebrity biographies are well known.

I've always thought it was silly to say that the name of my high school was a security question-- there is nothing secure about that information.
 

saving107

macrumors 603
Oct 14, 2007
6,376
14
San Jose, Ca
One thing I learned a long time ago is that when the security question says Example: "What's your favorite food", you don't answer it with Pizza or something someone can eventually guess, you answer it completely off like "sky" or "green".

Also setting up 2-Step Verification on https://appleid.apple.com would help.
 

nfl46

macrumors 604
Oct 5, 2008
7,287
5,502
Why would a celebrity even have nude photos on their device? I guess they just like to take photos of themselves. (stup).
Just like the average person would. Since they have a pass lock on it, they think its secure. Yeah, right. If you take a nude on your cellphone, there's a chance anyone can get it.
 

Rogifan

macrumors Core
Nov 14, 2011
22,003
27,497
The key phrase here for me is "and security questions". Most of those questions are biographical, and most celebrity biographies are well known.

I've always thought it was silly to say that the name of my high school was a security question-- there is nothing secure about that information.
Make something up?
 

brianbunge

macrumors 6502
Aug 11, 2011
386
38
Kennesaw, GA
Sadly, the same thing happened to my daughter (no pics, just account hacked) by two idiot teenagers being *******s. They were able to guess the answers to her security questions and changed her password. Then they used that to hack all her social media accounts.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.