I can't recommend that app seeing how I have never used it. I do recommend 1Password.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach
- Thread starter MacRumors
- Start date
- Sort by reaction score
I can't recommend that app seeing how I have never used it. I do recommend 1Password.
Phishing scams are rampant, only one needs to work to gain access. That's even more frequent than the security question.
As for the security question, stars should not provide a standard googleable answer obviously.
Well, everyone is allowing weak passwords including amazon, google, dropbox etc. They more or less have the exact same standards set as minimum.
I never said it was hard to guess security questions. If they used social engineering to find their username and guessed their security questions, wouldn't changing the password send an e-mail to the hacked user? Surprised we haven't heard about that.
There isn't only one blame to assign. You don't have to choose one or the other to blame.
They both can be at fault.
The perpetrator for hacking and committing the crime. Very bad, lots of fault to assign to this person.
The celeb for not understanding the risks of taking pictures on a internet synced device and or choosing a very poor password. Derpy move, you are in small part to blame for your poor choices.
Considering how weak the passwords are I'm loath to call these people hackers. Do you we call people who walk through open doors, safe crackers ?
Not googleable, but with celebrities social engineering is always the main route to get security questions.
How on Earth. I could not get my wife's 2 step going due to her forgetting her own security questions. lol got locked out for 8 hours
Because these have been trading on a celebrity nude ring on the darknet for years. Some of the photos have been on the clearnet for ages.
It would. But these things are usually done when people are known to be not checking their emails, like when they are asleep. You only need couple of minutes.
And we probably won't hear about that. No hacked celebrity will come off and explain how they were hacked.
How do they know if the passwords are weak or not?
I mean the passwords are stored as a Hash-Value in the database.
I mean the passwords are stored as a Hash-Value in the database.
Haha, I always think of a similar comic whenever a website wants me to use an exclamation point and/or capital letter in my password.
This is way not likely an iCloud find my iPhone hack...
This was way more likely, ultimately, an authorize my ATV hack. First target iPhones in the LA area code and likely iPhone prefixes. Find out which ones respond to iMessage for SMS. This will show you iPhones. Then phish passwords, lots of ways to do this, creating a submit your password dialog on that phone. Possibly a zero day on iMessage, or maybe on macs in general, or maybe you're an Apple Genius. Try say an ad for the LA Times. Once you phished for the password in the right place, "authorize" an ATV for that account. Ask for the Photostream. Voila, all the pictures on that account. From the phone, straight to your computer (ATV). Do it through a VPN account to hide your actual IP. Randomly trying to find accounts and passwords is WAY too time consuming and unfocused an attack.
This was way more likely, ultimately, an authorize my ATV hack. First target iPhones in the LA area code and likely iPhone prefixes. Find out which ones respond to iMessage for SMS. This will show you iPhones. Then phish passwords, lots of ways to do this, creating a submit your password dialog on that phone. Possibly a zero day on iMessage, or maybe on macs in general, or maybe you're an Apple Genius. Try say an ad for the LA Times. Once you phished for the password in the right place, "authorize" an ATV for that account. Ask for the Photostream. Voila, all the pictures on that account. From the phone, straight to your computer (ATV). Do it through a VPN account to hide your actual IP. Randomly trying to find accounts and passwords is WAY too time consuming and unfocused an attack.
So an "attack" by guessing passwords, directed to only celebrities and only those using iPhones and just a week before the next iPhone announcement. I feel like the purpose, target, sample and timing of this attack is way too "interesting". Somebody must be trying real hard to make Apple look bad before September 9th...
False equivalency. Nothing was left open on their accounts. Their privacy was being protected by a password, which someone committed an illegal offense by hacking into it.
Given the context that only female accounts were hacked, it's a pretty safe bet.
We don't do both because the victim isn't in the wrong. You victim-blaming yourself is different from millions of people victim-blaming one person.
they are full of ****, instead of telling the truth, they deny their fault, why the hell they patch the bruteforce hole of find-my-iphone yesterday if it isn't their fault??!
First of all, the attack did not happen on August 31st. The pictures were leaked that day but attacks probably happened throughout months or maybe years. These pictures have been sitting in someones laptop for a long time.
Second, some of the celebs are not using iPhones.
The Apple bash in some news outlets could have been intentional or just click bait.
Right...I'm just saying that this would verify the type of hack, not that it would have helped prevent it. If they didn't get an e-mail then they probably brute forced the password. If they did get an e-mail then it was most likely the security question scenario
How is it different? Just because more people blame one person doesn't change anything. It's only because more people are aware of the crime.
The problem is rooted deeper than a security issue. Ask yourself why only women's photos were stolen. And the significance of why so many posters here who are male are quick to point the finger.
Anyone (not just celebs) should have strong passwords. But that doesn't mean that someone should force their way "in" and then exploit those photos as if they had any right to do so. Stealing - that's one issue. Exploiting them (and asking for money to boot) is another. And those that click on the photos only perpetuate the culture that makes it acceptable.