Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach

[Soulweaponry]

I wouldn't condone the crime against you if you used a weak password any more than I would with a celebrity (whom I honestly have zero respect for in most cases--I don't even recognize most of the names mentioned in conjunction with this).

If a system has a wide-open back door and it gets exploited, you can certainly give the system owner a hard time for being stupid (see: Target), but that doesn't negate the crime any more than forgetting to lock your door makes it okay for someone to steal your TV.

The nature of this particular crime is also notable, in that it's not just a reparable or ignorable theft but an irrevocable violation of privacy.

Well, I think some balance is needed when talking about this issue. I think what the person you're replying to really meant is that the person making a weak password should accept some responsibility for this incident occurring because if you don't protect yourself, you're asking for it.

All those celebrities with easy to guess passwords don't deserve to have their stuff stolen, but they do share a bit of responsibility. I don't see how you could argue against that at all. It's important to realize what kind of world we live in and be prepared for all the bad stuff out there

 

[iBug2]

I agree that Apple and other vendors should offer make-up-your-own security questions

Don't they? I think you can create your security questions for AppleID.

 

[gnasher729]

Again, you can not crack even an unsafe password with only 5 attempts!

You can crack the five most unsafe passwords in only 5 attempts.

The victim doesn't get any of the blame for hacking into an account and stealing compromising pictures. None. 0%. Not a whit. You can't convince me that the victim is in any way responsible for committing that crime. Nothing the victim did in this case should have any bearing on the criminal's guilt or on the punishment if the perpetrator is found, and found guilty in court.

The celebrity is responsible for setting a weak password. There is no law against having a weak password on a personal internet account, so there is no legal punishment. On the other hand, knowing that there are people out there trying to dig up information about you (some of the willing to commit criminal acts to do it), it's up to you to safeguard your privacy. Don't trust the disgusting, creepy criminal hackers to put your privacy ahead of their nefarious hobby.

You can hope that the people who did this will be caught and punished. I hope so to.

We can just hope that they get caught and sent to jail, and then we can all have a laugh about idiot hackers who are more stupid than some celebrity. I'd be quite confident that say a $100,000 reward will get them ratted out.

Sadly, the same thing happened to my daughter (no pics, just account hacked) by two idiot teenagers being *******s. They were able to guess the answers to her security questions and changed her password. Then they used that to hack all her social media accounts.

That sounds like you found out who the perpetrators were?

 

[JesusQuintana]

So it is your banks fault if I got into your online account by guessing your password after a few hundred attempts? IS IT? That's your logic on that one, of course it is Apple's fault, it is their system, it is their engineers that made it and service it, it is their responsibility to allow for simple passwords and set up systems to prevent hacking or accounts being accessed as much as possible.
And did you not read the parts I highlighted? You know the ones where Apple CONFIRMS it HAS had several celebrity accounts accessed and photos stolen... why would anyone blame anyone else when Apple has admitted it was them?

You aren't getting my point. These photos were acquired through various methods over the years. Somehow, though, the narrative has gotten fixated on the Find My iPhone flaw. A journalist took the original story and then speculated that perhaps the security fix Apple implemented could somehow be related. That questionable assumption is the entire case against Apple.

I am sure that Google, Dropbox and a few ex-boyfriends are breathing a sigh of relief that Apple is getting tarred as the sole source of the photos.

 

[tbrinkma]

No. Having unbreakable windows and complete security in your lock would not be the equivalent of the situation here. That would be having a 5 step verification with fingerprint retina and DNA scan every step of the way to access to your icloud.

Nobody is expected to go that far to protect a couple of nude pictures. The security has to match the value of the target.

There's *ALWAYS* 'more that could have been done to prevent the crime'.

That has absolutely no bearing on who is to blame for the crime committed.
Hint: It's not the victim.

If your house is robbed, it's not your fault, regardless of whether you locked the door, welded it shut, or left it wide open. The blame belongs *solely* with the person who robbed you.

Is that really so hard to understand?

----------

Amazing these still exist, isn't it? Really annoying when you are limited to 8.

Ran into a site just last year where it was limited to *6*. (No, that's not a typo.)

 

[GeneralChang]

I haven't used a password under 12 characters in over a decade, except on the increasingly rare systems with a password length limit.

Password length limits are infuriating. I mean, yes there should probably be a coded limit somewhere, but is there any reason it can't be like, 30 or 50 characters instead of 10? If I can create a password I can remember with three times the entropy, why wouldn't you make that an option?

What's even worse is my bank used to be one of those entities that limited the number of characters to 10. I seriously considered switching to another bank over that before they made it larger.

 

[apolloa]

I bolded where they said that in their statement. Here is their statement: http://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html

Now I don't know why you didn't see "any of that in their statement in this story" other than you didn't read it and just wanted to continue apple bashing.



I'm not trying to insult so please do not take offense and if you do I apologize in advance. I can see why other posters get frustrated talking with you; but is english not your first language? I did not say that the photos were not stolen from iCloud. In fact, I CLEARLY said that they very well might be. What I did say was that Kirsten Dunst saying "Thanks iCloud" doesn't make it Apple's fault. You used her tweet as proof that it was an apple hack, you started bashing apple talking about their poor security blah blah blah. The fact is, that's not what happened.

If english is not your first language, I'll give you the benefit of the doubt and not accuse you of being obtuse.

Are you American? English is my first language, I just have a different opinion to yours and because you are not able to change my opinion to match your own, you ask if English is my first language? But I see many others on here have no problem with my comments, and others stating the same thing, I guess English isn't their first language too?

 

[iBug2]

And, strangely enough, people get mugged (and hacked) even when they *do* follow all those suggestions.

There's a pretty strong hint there, too. It's that it's not the victim's fault.

Are you actually claiming that if we all left our doors unlocked, the robbery rate in our neighbourhood would be the same?

Yes still some people get mugged, mostly the people who do not follow the suggestions.

Crime and anti-crime go hand in hand. Criminals find new ways to rob people, and people find new ways to protect themselves, constantly. It's your responsibility to learn how to protect yourself.

 

[DisMyMac]

If the hackers are targeting security questions they're not really guessing.

They are also not guessing if the girls gave them the passwords. You can imagine why they might do that, all being special celebrities.

 

[irnchriz]

Don't they? I think you can create your security questions for AppleID.

As long as you know the question being answered you can answer anything you like. E.g. Place of birth. Answer: Helen mirren banana hammock

No one is going to get that out of you through phishing LOL.

 

[pedromcm.pm]

Did you even read my post? I said the same exact thing you just did. If you don't lock your doors, you're to blame just as much as the thief who walks in the unlocked door.

What... The... ****?

 

[iBug2]

As long as you know the question being answered you can answer anything you like. E.g. Place of birth. Answer: Helen mirren banana hammock

No one is going to get that out of you through phishing LOL.

Yes but I think you can also create your own security question as well instead of choosing from a list.

 

[mabhatter]

So you're going to blame the victim?

Celebrity nudes on iCloud is like storing a Gold Brick in your mailbox... Technically it's illegal to get into your mailbox.. But if there's a chance of a Gold Brick 10,000 idiots are GOING to be trying. Those nudes are literally "worth gold" so treat them as such.

 

[GeneralChang]

If your house is robbed, it's not your fault, regardless of whether you locked the door, welded it shut, or left it wide open. The blame belongs *solely* with the person who robbed you.

----------



Ran into a site just last year where it was limited to *6*. (No, that's not a typo.)

But it's still a good idea to do everything in your power to prevent it (read: lock your doors at night, just in case ).

And seriously? Six? That's absolutely ridiculous.

 

[firewood]

And, strangely enough, people get mugged (and hacked) even when they *do* follow all those suggestions.

Yep. But usually a far lower percentage of citizens do per annum, than those who do not follow best practices and good safety procedures.

Follow the numbers. The numbers are a stronger hint than a random person's opinion on who to blame or not.

Basic numeracy.

 

[appleii.c]

Banks use a much more secure system though, for instance mine has a user code, then random numbers from a passcode and then random characters from a password, you get TWO attempts to get them all right otherwise the account is locked.

And still, i'm sure your password is still stronger than something like "chase1".

 

[Ashin]

Still Apple's fault. There was a flaw in the Find my iPhone API that allowed for brute forcing, and passwords could be attempted an unlimited amount of time without causing any security alerts.

 

[zioxide]

What... The... ****?

Do you not understand English or something?

Good luck getting an insurance company to cover stolen items if they find out they were stolen out of a house or car you left unlocked.

If you take all the precautions (ie lock your doors and arm your security system), you've done all you can do and you don't deserve any blame.

If you fail to take common sense precautions, you are partly to blame.

 

[mabhatter]

There's *ALWAYS* 'more that could have been done to prevent the crime'.

That has absolutely no bearing on who is to blame for the crime committed.
Hint: It's not the victim.

If your house is robbed, it's not your fault, regardless of whether you locked the door, welded it shut, or left it wide open. The blame belongs *solely* with the person who robbed you.

Is that really so hard to understand?

----------



Ran into a site just last year where it was limited to *6*. (No, that's not a typo.)

But celebrity nudes are like Gold Bricks... If you just left gold bricks on your kitchen table or underware drawer, then yeah, it's kinda your fault. Put them somewhere SAFE.

 

[Medic311]

That's called a "Denial of Service Attack" (DoS attack). Guess which username someone would use, try to get to their account with random passwords until you and they are locked out.

if given the opportunity, i'm sure Kate Upton would have preferred to have her account locked vs having someone post a photo of her spreading her V wide open for the camera

 

[iBug2]

There's *ALWAYS* 'more that could have been done to prevent the crime'.

That has absolutely no bearing on who is to blame for the crime committed.
Hint: It's not the victim.

If your house is robbed, it's not your fault, regardless of whether you locked the door, welded it shut, or left it wide open. The blame belongs *solely* with the person who robbed you.

Is that really so hard to understand?

And I'm saying that it's your fault partly. Don't confuse fault with guilt please. The robber would still get the same punishment but you are faulty in one case and not faulty in another. You being faulty does not take away the guilt from the robber.

Is it really so hard to understand that what we are discussing is simply opinions and neither me or you is wrong?

I think you are to blame if you leave your door open. The robber is guilty.

I think you are less to blame if you lock your door but leave the key under the mattress. The robber is guilty.

I think you are even less to blame if you lock your door and take the key inside. The robber is guilty.

I think you are even less to blame if you double lock your door and windows. The robber is guilty.



The more you do, the less you are to blame. The robber is guilty.

That does not mean you have to have "everything in humanities disposal" to protect your house unless live in the Fort Knox.

The value has to match the security.

And protecting your nude photos with an easy password or easy security questions is "LESS" than what's expected of you.

You made a mistake, and if you do not believe this, then phone these celebrities and ask them if they have chosen better passwords after August 31st. I bet anything that those same people won't be hacked the same way ever again because they paid a heavy price for their mistake and "LEARNED".

 

[Trapezoid]

Are you American? English is my first language, I just have a different opinion to yours and because you are not able to change my opinion to match your own, you ask if English is my first language? But I see many others on here have no problem with my comments, and others stating the same thing, I guess English isn't their first language too?

You just ignored everything I said and harped on something that I asked only because it seemed like you were misunderstanding what I was saying. Something that I said beforehand that I'm not saying to insult. Something I was trying to give you the benefit of the doubt on. Note to self: that's not the case.

It has nothing to do with opinion. It's a fact. You're in denial about it because you're here to bash apple.

I did not say that Apple is not at fault in that Kirsten Dunst thing you quoted me saying. IF you'd like to show me where I said that, I'd be glad to entertain you?

There's no opinion. You're wrong. This has nothing to do with brute force, unless your next argument is Apple is lying about their investigation?

 

[miamialley]

Only if they got in by trying out passwords.

How likely is it they didn't get it this way though? I'm not believing they tried one or two common password on all these accounts. Which goes back to the brute force theory, right?

 

[iBug2]

Still Apple's fault. There was a flaw in the Find my iPhone API that allowed for brute forcing, and passwords could be attempted an unlimited amount of time without causing any security alerts.

And apparently this was not used to hack these accounts.

 

[zioxide]

And I'm saying that it's your fault partly. Don't confuse fault with guilt please. The robber would still get the same punishment but you are faulty in one case and not faulty in another. You being faulty does not take away the guilt from the robber.

Is it really so hard to understand that what we are discussing is simply opinions and neither me or you is wrong?

I think you are to blame if you leave your door open. The robber is guilty.

I think you are less to blame if you lock your door but leave the key under the mattress. The robber is guilty.

I think you are even less to blame if you lock your door and take the key inside. The robber is guilty.

I think you are even less to blame if you double lock your door and windows. The robber is guilty.



The more you do, the less you are to blame. The robber is guilty.

That does not mean you have to have "everything in humanities disposal" to protect your house unless live in the Fort Knox.

The value has to match the security.

And protecting your nude photos with an easy password or easy security questions is "LESS" than what's expected of you.

You made a mistake, and if you do not believe this, then phone these celebrities and ask them if they have chosen better passwords after August 31st. I bet anything that those same people won't be hacked the same way ever again because they paid a heavy price for their mistake and "LEARNED".

This post is spot on.

Too many people in this world lack any sense of personal responsibility.

How likely is it they didn't get it this way though? I'm not believing they tried one or two common password on all these accounts. Which goes back to the brute force theory, right?

I'd be leaning much more towards the weak security question answers over anything else at this point.