Why don't they give a decent explanation about what happened? I mean ".. were compromised by a very targeted attack on user names, passwords and security questions .." isn't really that much of an explanation.

Did they just happen to guess the password? Or are security questions pure ******** (which they of course are)? Did they bruteforce it somehow? Howhowhowhow?

I'm still betting my money on a bruteforce due to the "leak" in Find My iPhone that was fixed.

That would be a "breach", which is what they are saying did not happen.
 
I'm not surprised. Most of us, who aren't celebrities, care more about security than celebrities do.

Unlikely. It's possible that most of us here at MR's think about it more, though.

I bet they had easy passwords

A safe bet, given that this is what the headline said.

and most of their security questions answers could be found on Google.

Not exactly their fault when the security questions tend to be very boilerplate.
 
Is the headline jumping to a conclusion or is it you? Kinda seems like you're creating an issue where none exists - specifically regarding that headline, not the entire subject.

What false conclusion do you think the headline implies?

That the source of the images is iCloud, when they came from a darknet market :/
 
and what would that problem be? if nude photos of men were SO desirable, they would be hacked too...by men to disgrace other men and by women who want to see the nude male celebs. but that's not the case.

don't try and act like this is some conspiracy against women...men are exponentially more driven by visual attractiveness than women are. so naturally it is no surprise that pornography is centered around nude women with men as an afterthought.

it's called sexual supply and demand. there isn't a demand for nude male photos or there isn't enough of a demand for people to act on it

You just proved my point. Thank you. The objectification of women/rape culture we live in makes it more "ok" to post pictures of women. And further to (not saying you specifically - but some on this forum) suggest that because they took the photo - everyone in the world is entitled to see those pictures or that it's ok.
 
:d
 
Poor passwords meaning they're identical passwords to other accounts such as hotmail/Facebook or even obsolete social networks. Therefore there isn't just one way to get the info but multiple.

Photostream works on Mac/PC. It's installed with iTunes on Windows by default. Windows has so much malware that a simple backdoor could mean full, uncompromised access to this data ...

Basically, even if the information had come from iCloud, it's likely that they got the required information from loads of other sources rather than just straight-out bruteforcing. And at the moment there's a lot of ambiguity with what was leaked from where.

Thanks for the explanation. And weak like that, okay I understand. Your password is only as strong as the weakest service you're using with it. That's why I myself have unique passwords for my high-privacy things, such as Google, Facebook, Apple, etc.

I've read that certain celebs claim to use BB or Android, so it probably has nothing to do with Photostream or any other Apple-related services.
 
And they won't either, but Apple hasn't denied it either, if you read all they have said is this hasn't resulted in any 'breach', not that they didn't have a hole they have now patched. Of course it wasn't breached, people got in using passwords, they didn't hack their way in without passwords.

And another point, to all those people on here that were telling me these photos were not stolen from the iCloud, well it certainly reads to me as though Apple has confirmed they WERE.

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

So in one cleverly worded paragraph, they state no 'breach', but confirm celebrity accounts were accessed and photos stolen.
As I have already stated this IS Apple's fault due to their systems not being set up to lock your account after multiple incorrect password guesses.

you raise a very good point. on many systems after 3 or so (sometimes the limit is 10) incorrect guesses it not only temporarily locks the account but it sends a notification email stating what is going on. that would have given these women time to act...to go in and change passwords and change security questions again...or contact apple and put a temp hold on everything.

my guess is that Apple decided not to do this in a move to save money. they figured the amount of time wasted would add up to substantial costs in terms of labor hours at the Apple Store or Apple Care 1-800 number with customers who locked themselves out of their own accounts and needed the hold lifted. that is my guess because this is common sense in today's age. heck my Windows XP laptop from 2004 won't let you type in the wrong password more than 5 times before it locks you out and you have to go through various steps
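
The lock-and-notify behaviour described in the post above, as an added example that is not part of the thread or any vendor's real system: one per-account counter enforced in a single place, so guesses arriving through different sign-in endpoints share the same limit. The threshold, lock duration, `check_password`, `notify_owner` and the endpoint names are assumptions.

```python
import time

MAX_FAILURES = 5        # assumed threshold; the posts mention 3 to 10
LOCK_SECONDS = 15 * 60  # assumed temporary lock, so the owner is not shut out for good


class LoginThrottle:
    """Per-account failure counter shared by every sign-in endpoint."""

    def __init__(self, check_password, notify_owner):
        self.check_password = check_password  # hypothetical: (account, password) -> bool
        self.notify_owner = notify_owner      # hypothetical: (account, message) -> None
        self.failures = {}                    # account -> consecutive failures
        self.locked_until = {}                # account -> unix time the lock ends

    def attempt(self, account, password, endpoint, now=None):
        now = time.time() if now is None else now
        if now < self.locked_until.get(account, 0.0):
            return "locked"  # refused before the password is even checked
        if self.check_password(account, password):
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.failures[account] = 0
            self.locked_until[account] = now + LOCK_SECONDS
            self.notify_owner(account, f"{MAX_FAILURES} failed sign-ins, last via "
                                       f"{endpoint}; locked for {LOCK_SECONDS // 60} minutes")
        return "denied"


def simulate_guessing():
    """Constructed run: 20 wrong guesses alternating between two endpoints."""
    sent = []
    throttle = LoginThrottle(
        check_password=lambda account, pw: pw == "correct horse",  # constructed secret
        notify_owner=lambda account, msg: sent.append((account, msg)),
    )
    user = "alice@example.com"  # constructed account
    results = [throttle.attempt(user, f"guess{i}", ("web", "device-locator")[i % 2],
                                now=1000.0 + i) for i in range(20)]
    # The real password is refused while the lock holds and accepted once it expires.
    during = throttle.attempt(user, "correct horse", "web", now=1030.0)
    after = throttle.attempt(user, "correct horse", "web", now=1005.0 + LOCK_SECONDS)
    return results, during, after, sent
```

Because the counter is keyed by account and not by endpoint, only the first five guesses are ever checked against the password, and the owner gets one notification instead of silence.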
 
Not surprised. I hope those affected learned their lesson. They should seriously consider purchasing 1Password and get into the habit of safeguarding their accounts in a more secure and proactive manner.

Rofl@1Password. Right, because that's for security gurus.
 
They were guessing passwords.

A rate-limit would have stopped a lot of that.

The security hole that was patched was not involved in this hack.

Nope still blame Apple partly, because it magically patched a security hole and THEN announced it was nothing to do with a security hole...

Anyway, it is their fault entirely for not blocking accounts after the wrong password was used so many times. That is inexcusable IMO.

You claimed you're not here to apple bash but you're not even reading the article. The security hole that they patched had to do with find my iphone. Apple stated that this exploit was not used in this hack.

So, now the only thing you have left is "apple is still at fault even though they fixed it and this was not the cause"...kinda speaks for itself. It's clear the only thing that would make you happy is if apple found that it was a breach.
 
Is it really Apple's fault when an ex-boyfriend passes around photos? And is Apple responsible for photos that weren't stored on iCloud? These photos were acquired in all sorts of ways.

The real mystery here is why has Apple been tagged as the company solely responsible for the mess. The only explanation seems to be that Apple fixed a security issue in Find My iPhone around the same time this story broke. Some of the initial reports speculated that the two events could be connected. Over time the "may have" and "possibly" were dropped from articles and Apple was blamed.

So it is your bank's fault if I got into your online account by guessing your password after a few hundred attempts? IS IT? That's your logic on that one, of course it is Apple's fault, it is their system, it is their engineers that made it and service it, it is their responsibility to allow for simple passwords and set up systems to prevent hacking or accounts being accessed as much as possible.
And did you not read the parts I highlighted? You know the ones where Apple CONFIRMS it HAS had several celebrity accounts accessed and photos stolen... why would anyone blame anyone else when Apple has admitted it was them?
 
I've always thought it was silly to say that the name of my high school was a security question-- there is nothing secure about that information.

Nobody ever said that these questions have to be answered truthfully. The problem is that most people seem to treat these security questions like quiz questions and don't consider for even a microsecond that they could actually give a made-up answer, as long as it's an answer they can easily remember.

For example, when asked for the name of your high school, you could answer "Hogwarts", and no amount of social engineering could ever allow anyone to guess that question (unless of course you are Daniel Radcliffe).
 
You just proved my point. Thank you. The objectification of women/rape culture we live in makes it more "ok" to post pictures of women. And further to (not saying you specifically - but some on this forum) suggest that because they took the photo - everyone in the world is entitled to see those pictures or that it's ok.

If you're looking for a reasoned argument or sudden flash of realization from someone like that, you're wasting your time. "Men like boobs, so it's okay to steal nudes." Strong logic.
 
And they won't either, but Apple hasn't denied it either, if you read all they have said is this hasn't resulted in any 'breach', not that they didn't have a hole they have now patched. Of course it wasn't breached, people got in using passwords, they didn't hack their way in without passwords.

And another point, to all those people on here that were telling me these photos were not stolen from the iCloud, well it certainly reads to me as though Apple has confirmed they WERE.

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud(R) or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

So in one cleverly worded paragraph, they state no 'breach', but confirm celebrity accounts were accessed and photos stolen.
As I have already stated this IS Apple's fault due to their systems not being set up to lock your account after multiple incorrect password guesses.

You can say whatever you want; doesn't make it fact. FBI is investigating. If they'd conclude Apple was at fault then so be it. Until then Apple is in the clear in my book.
 
Serves them right having such a weak password.

I bet "password" or "abc123" were used.

What do you expect "celebrities"? I knew iCloud was stronger than that.

Feeling pretty good about yourself, huh?

Victim blaming's fun :)
 
I did read the thread that said this was probably a social engineering problem.

And iCloud did allow an unlimited number of consecutive failed login attempts, until very early this morning.

The first problem did not excuse the second one.

No, a backdoor through the find my phone interface allowed for consecutive failed login attempts. It wasn't as simple as you're making out.

It was fixed YESTERDAY morning.
 
You just proved my point. Thank you. The objectification of women/rape culture we live in makes it more "ok" to post pictures of women. And further to (not saying you specifically - but some on this forum) suggest that because they took the photo - everyone in the world is entitled to see those pictures or that it's ok.

well it wasn't my attempt to prove anyone's point, i'm just stating how things are with male and female human beings. technology takes things to different levels, but men will always be attracted to the female body and will act more aggressively to see, touch, exploit, whatever...when compared to what females will do towards males. here is what i posted earlier on in this thread:



Regardless of who these people were and if you think they deserved it, the fact is they didn't and what happened was wrong. They may live a celeb lifestyle with privileged treatment, drive fancy cars, and even do drugs on the side...many have already had wardrobe malfunctions in the past that get exposed by cameras taking 5 photographs a second at all angles as they step out of a car in a skirt. BUT all of these women have fathers and mothers and brothers/sisters, friends, boyfriends, and some of them are married. This leak brings public shame to everyone associated with these people and their lives are affected too. Not to mention some careers will be over for many of these actresses who already said they would never do a nude scene in a film bc their career is more important than money (some even mention Julia Roberts at having been their inspiration for acting). What people do in their private lives is different than what they would do in their public lives. We are all guilty of this and we would all react with disgust if one of these women were our sister, our daughter, our girlfriend, or fiancé/wife.
 
It isn't usually the case that the password itself is really weak (as in you'd guess it by the hundredth try), but that most people use the same passwords everywhere. So, all you need to do is find one weak link in the chain (hack into some random web server, grab a password file/database and brute force it) and suddenly everything is compromised. The other weak link is your email, so even if they used a different password for Apple than they did for gmail, say.. If they used the gmail password somewhere else and someone gets access to that, then they're a 'Forgot my password' away from accessing everything else too.
 
No it doesn't. Why relish in something bad happening to someone just because they're a celebrity?

Schadenfreude. Not saying it's good, but it's understandable. If this breach happened to you or I do you think Apple or the media would give one, single fig about it? Never. But it happens to them and the whole world is offended. Something about the fact that it has to do with their own neglect softens the blow of indifference to the masses.
 
They do. Apple offers 2 step verification if you want to use it.

Yes, but they still allow the password-only authentication.

In a cloud system design, there should be NO password-only authentication.
 