Where did you see this information? The Apple press release stated that the accounts were compromised due to a targeted attack on user names and passwords, which sounds exactly like what the find my iphone flaw allowed.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach
- Thread starter MacRumors
- Start date
- Sort by reaction score
Where did you see this information? The Apple press release stated that the accounts were compromised due to a targeted attack on user names and passwords, which sounds exactly like what the find my iphone flaw allowed.
It says it in the apple press release. Its in first page quote from apple and also on their website.
I already did...in a reply to you.
Here it is...again...
http://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html
Please dont ask me a third time.
That's the frustrating part. I want to create a password that's more secure than what Apple wants me to do, and it's not an option.
----------
Apple saying there wasn't a breach in find my iphone is very different than saying people didn't exploit the ability to get in that way using brute force. But, regardless it's pretty clear that the issue is weak passwords and security question answers, which isn't Apple's fault regardless if they didn't do what they needed to do to make it difficult to attack the accounts.
The responses I've seen have pointed to the fact that the statement says that Find My iPhone was not breached. I had the same thought as you at first, however, and I'm not entirely satisfied with the wording as I feel it gives them wiggle room.
I think what it comes down to is interpretation. Does 'no breach' mean "the flaw was not used to target and force these accounts"? Or does it mean "the overall service was not compromised on a global scale"? That's the tricky part.
Oh ok if its a semantics argument then yes we don't know what's on apples mind.
Here's a quote from an article at theverge.com, which is essentially what I'm wondering about.
some people seem bent on blaming a company when people are the issue. They decided to take the photos and make the videos. They then decided upload them online and from reports have used very poor password and security combinations.
Apple will have work to do in making the service even more secure to reassure users after the media with hunt full of miss information but this will not affect payment plans like others mention.
Apple will have work to do in making the service even more secure to reassure users after the media with hunt full of miss information but this will not affect payment plans like others mention.
Yep I see where there's ambiguity. I'm sure we will find out more information in the next couple of days.
Am I missing something, hacking a password etc there is tools to do but how do people find the persons email address in the first place?
Dropbox has 2 step authentication. I know because I have 2 step set up on my Dropbox accounts. I believe Google has 2 step on all its products. I don't use Drive, but I had to sync some Chrome bookmarks to new Macbook Air yesterday. They wanted 2 step for authentication for connecting it to my account.
Last edited:
3 attempts would insure Apple is pestered day and night by people locked out of their own account or insure people use very bad password to make sure that this doesn't happen.
You can always add whatever more secure stuff you want on to the end of whatever you think Apple wants you to do. If you think Apple demands you use A1. then use something like "correct horse A1. battery staple" as your option for something more secure. So stop being frustrated.
If you want to see an example of bashing Apple, here's one. There is no word mincing here. What you presented was nothing like this.
http://valleywag.gawker.com/icloud-isnt-safe-because-everyones-a-target-and-apple-1629660564
Not only are there lots of encrypted storage iOS apps (some with source code you can audit), but you can also write the answers down where you won't lose them (passport, bank deposit box, etc.)
You're very generous, its more 5 million which have weak passwords. Even worse, if you discover a bit more on those people, probably another 5 million accounts become easy to penetrate. Its acfually a miracle there is not more people being hacked than we know of. Just to show that most people have little of value to steal ;-).
A well designed security system needs to be reasonably convenient. Apple's current system is not. You cannot expect people to pick passwords consisting of 20 random characters when at the same time you force them to enter said password on a mobile device all the time. It's just not practical.
If it turns out to be weak passwords, is that really a hack?
If someone leaves their keys in the car and it gets stolen, do you blame the car company?
how was my post disgusting? guess you haven't seen .zip compilation otherwise you would know what i am referring to. these weren't just topless shots. Kate Upton pretty much has every inch of her body in a photo in that folder. she really went to town on herself
Unless your living downtown and there's like thousands of people going past your house every hour, not sure how a crowded street couldn't be more appropriate than your house analogy. On St-Catherine around here, at 4pm, probably 10K people go past one spot per hour. Not many houses I know have this kind of traffic... Even in dense cities, very few houses would be exposed to this kind of traffic. Throughout the day, plenty of streets around here the densest parts have 3K-7K of foot traffic per hour on average with higher peeks.