Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach

apolloa said:
Nope still blame Apple partly, because it magically patched a security hole and THEN announced it was nothing to do with a security hole...

Anyway, it is their fault entirely for not blocking accounts after the wrong password was used so many times. That is inexcusable IMO.
Click to expand...

They did block accounts after the wrong password was used...so many of you do not understand what happened with the Find my phone backdoor issue, there are details that you refuse to read.
 
KdParker said:
Really....

Let me see if I am getting this right:

Private pics should not be taken unless you are vain.

If you are vain then you are susceptible to creating a bad password

If your private pics are stolen and posted, then that is your fault for taking them.

If you don't mind taking naked pics then you should share them with the world.

So, the creeps who stole your private property have some sort of right to take it because it was there?

Why stop there...why not apply this to money you put in the bank. You put it there and if stolen, then you are responsible cause you could have kept it under your mattress. :rolleyes:
Click to expand...

This has nothing to do with Taking them. Nothing wrong with taking explicit photos. But, if you use a poor password, don't expect your photos, or anything not to be stolen. Its sad that its the case, but that's how it is.

The Internet is like a very busy street, if you leave your purse lying there, expect it to be swiped by someone. So, if your privacy is important to you but still want to take the pictures, take them with a regular camera (better pictures anyway) and never put it on any device at all. Keep it in a lockbox on a SD card and deliver it in person to the intended person.
 
Trapezoid said:
You claimed you're not here to apple bash but you're not even reading the article. The security hole that they patched had to do with find my iphone. Apple stated that this exploit was not used in this hack.

So, now the only thing you have left is "apple is still at fault even though they fixed it and this was not the cause"...kinda speaks for itself. It's clear the only thing that would make you happy is if apple found that it was a breach.
Click to expand...

I didn't read ANY of that in their statement in this story. Please point to where APPLE have stated that in their press release. And they have still admitted it was their systems where the photos were stolen from, a point I do believe you stated was incorrect here:

Trapezoid said:
2) sorry, people kirsten dunst posting "thanks icloud" with an emoji of pizza and a turd with a sad face is not proof that it is Apples fault. This thread is fodder for every troll that posts here and they're talking full advantage of it. While it is seeming more and more likely that apples poor security is involved, kirsten dunsts tweet should not be offered up as proof nor is she sure how she got hacked either. I understand you guys want to jump at every opportunity to bash apple, because that's what you do, but at least try harder to present a coherent argument.
Click to expand...
 
maflynn said:
Sad that too many folks rely on simple passwords, regardless of their position in life.
Click to expand...

Simple Passwords is the result over literally every site wanting you to log in to do anything. I must have 50 or so passwords alone in my 1password app, and I don't even have all my passwords in there. I could hardly imagine trying to keep up with 50 or more complex passwords without an app.
 
Blake10 said:
Always like to think outside the box on cases like this. I'm not a lunatic conspiracy theorist, but it healthy to have questions.... My question: Is it inconceivable a rival such as Samsung facilitated this attack to negatively affect Apple's reputation?

With new details emerging, probably not but would you put it past Samsung in the future? :eek:
Click to expand...

Not that I support you theory, but Apple should not have waited until Monday to address this story.

This spread like wild fire on the internet and the mainstream media picked it up and is being reported not stop.
 
Medic311 said:
well it wasn't my attempt to prove anyone's point, i'm just stating how things are with male and female human beings. technology takes things to different levels, but men will always be attracted to the female body and will act more aggressively to see, touch, exploit, whatever...when compared to what females will do towards males. here is what i posted earlier on in this thread:



Regardless of who these people were and if you think they deserved it, the fact is they didn't and what happened was wrong. They may live a celeb lifestyle with privileged treatment, drive fancy cars, and even do drugs on the side...many have already had wardrobe malfunctions in the past that get exposed by cameras taking 5 photographs a second at all angles as they step out of a car in a skirt. BUT all of these women have fathers and mothers and brothers/sisters, friends, boyfriends, and some of them are married. This leak brings public shame to everyone associated with these people and their lives are affected too. Not to mention some careers will be over for many of these actresses who already said they would never do a nude scene in a film bc their career is more important than money (some even mention Julia Roberts at having been their inspiration for acting). What people do in their private lives is different than what they would do in their public lives. We are all guilty of this and we would all react with disgust if one of these women were our sister, our daughter, our girlfriend, or fiancé/wife.
Click to expand...

Agree with what you bolded. Which is why I say - no matter the security issue - the POSTING of these photos is not something you can blame on the victim.
 
apolloa said:
And did you not read the parts I highlighted? You know the ones where Apple CONFIRMS it HAS had several celebrity accounts accessed and photos stolen... why would anyone blame anyone else when Apple has admitted it was them?
Click to expand...

Apple confirmed that some photos were stolen from icloud accounts. They obviously did not confirm all leaked photos were stolen from icloud accounts.
 
mozumder said:
Yes, but they still allow the password-only authentication.

In a cloud system design, there should be NO password-only authentication.
Click to expand...

My dropbox account only requires one password to login. How does google drive work? Do they force you to 2 step?
 
Iconoclysm said:
They did block accounts after the wrong password was used...so many of you do not understand what happened with the Find my phone backdoor issue, there are details that you refuse to read.
Click to expand...

According to some on here their was no backdoor Find my iPhone issue. And so by default, before their security patch, your telling me you could not enter your password as many times as you wanted because after 4 or 5 incorrect attempts your account was locked?

Link to proof please.
 
iMerik said:
You're quite right. I forget who it was, but one of the celebrities said they had deleted the pictures so the person that stole them has to be an ultra creepy super hacker (my wording, but close enough). No, you just have to understand that deleting the picture from your phone doesn't necessarily mean you deleted it from your cloud service.
Click to expand...

Funnily enough, iCloud didn't exist when she deleted those pictures. Which means these photos likely didn't even come from iCloud.
 
samcraig said:
the POSTING of these photos is not something you can blame on the victim.
Click to expand...

If you leave your door open and get robbed, you definitely share some of the blame even though you are not guilty of the crime.
 
pedromcm.pm said:
Who gives the right for that trash to attempt to enter their account?
Click to expand...

Who here has said anyone had the right to attempt to enter their account?

Someone can rightly call another out for having a weak password without implicitly having condoned the hacker. I'm guessing you and the other poster's like you know that but it is apparently easier to rhetorically scream, "YOU"RE BLAMING THE VICTIM! YOU"RE BLAMING THE VICTIM! YOU"RE BLAMING THE VICTIM!" than to have an objective conversation about the issue.
 
neuropsychguy said:
What!? My password oscar4me wasn't good enough?

/I know a lot of very intelligent people who use simple passwords and I'm not blaming the victims but we need a strong campaign educating people about what are and are not good passwords. Apple's work with suggested passwords is a great start (if only people will use it).
Click to expand...

I would love to use the Apple suggested passwords, but it's made too difficult by the combination of iCloud Keychain inconsistencies, and banking sites that try so hard to make themselves secure that they make it nearly impossible to use password management, thereby making themselves less secure.
 
mozumder said:
The accounts should have been locked when the first few password attempts failed.

Most systems lock you out if you try too many failed passwords, so hackers don't spend too much time trying to test every possible password in brute-force attacks. It looks like this was a flaw in Apple's iCloud system. Unfortunately, this was only fixed a couple of days ago.

If you look at the logs of people doing the ORIGINAL attacks at anon-ib.com/stol/ you can see they were doing this sort of brute-force password attacks for months, possibly years.

Sorry Apple, but this is the your flaw that caused this mess in the first place.

Really, the only long-term solution is to remove passwords from the authentication system entirely. Passwords are too easily guessable.
Click to expand...

I don't believe one second that this is going on for years. Probably got introduced during a recent software update cycle. Also, if you have a decent password, this "attack" would not work because Apple would detect it if the number of login tries spiked to the millions, so I'm loath to call this brute force.
 
gibbz said:
Clearly only women use weak passwords :rolleyes:

How about we stop victim-shaming people, celebrity or not?
Click to expand...

What does this have to do with women? There are boatloads of pretty boys who are just as dumb—I wouldn't be surprised if more men have insecure passwords. Source: I'm a man who used to have somewhat insecure passwords. But the fact remains that the internet changes so rapidly that you better keep up if you want to survive. Get 1Password and lock it down tight with a secure phrase. I use a more complex but still memorable variation of the correcthorsebatterystaple password creation method for important accounts and make complicated passwords for most everything in 1Password. Then I enable two step verification. For less important logins that I use often I might use something a little less complex, but there is no personal info behind them to get stolen. For banking and the cloud, crank 1Password up to the max.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back