Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach

[doelcm82]

Victim blaming, cool

I blame the celebrities who have compromising documents stored on the internet behind weak passwords. I especially blame those who have not yet been hacked, but aren't currently strengthening their passwords and removing the compromising files.

You may think they should just leave everything as it is, and hope that they get hacked because that will absolve them of all responsibility.

 

[samcraig]

Always like to think outside the box on cases like this. I'm not a lunatic conspiracy theorist, but it healthy to have questions.... My question: Is it inconceivable a rival such as Samsung facilitated this attack to negatively affect Apple's reputation?

With new details emerging, probably not but would you put it past Samsung in the future?

Now I've read everything

The victim was Apple's name.

Got blamed in the press because some people were reckless.


It's like blaming Ferrari because they make fast cars.

People need to stop with analogies. Apple's security being suspect wasn't a crime. People's personal photos being STOLEN and then posted for the world to see was.

 

[bpeeps]

I've been waiting for this post. With all the race bait posts MacRumors posts, I was surprised it took them this long to write an article that will generate the site clicks.

Let the sexism and victim blaming commence!

 

[TWSS37]

11 of the most famous ones? Come on now.

That had pictures worth posting, anyway...

 

[iBug2]

That had pictures worth posting, anyway...

Not to mention we don't even know which other accounts are compromised. The leaked pictures seemed to be a part of something much bigger as the discussion in 4chan led us to believe.

 

[jlake02]

We, as tech users, need to realize that no matter how "secure" the cloud is there is always a chance someone could access our data.

Taking intimate photos on a device connected to the internet was mistake #1.

Allowing such intimate photos to be uploaded to the cloud was mistake #2.

 

[yaxomoxay]

Taking intimate photos on a device connected to the internet was mistake #1.
Allowing such intimate photos to be uploaded to the cloud was mistake #2.

Why? Why would be doing something honest, legal, licit and private be a mistake after a criminal commits a crime? If the legal system was based on those premises it would be a nightmare.

I guess e-banking should stop immediately since banks and credit cards account are hacked daily.

 

[Nik]

Again, you can not crack even an unsafe password with only 5 attempts!

 

[jc1350]

The key phrase here for me is "and security questions". Most of those questions are biographical, and most celebrity biographies are well known.

I've always thought it was silly to say that the name of my high school was a security question-- there is nothing secure about that information.

No one has to provide accurate answers. I don't. I pick a question and use a fictitious answer that only I know.

UPDATE - I see this or similar advice was already given. I should have know.

 

[Black Magic]

Sadly, the same thing happened to my daughter (no pics, just account hacked) by two idiot teenagers being *******s. They were able to guess the answers to her security questions and changed her password. Then they used that to hack all her social media accounts.

Haven't read the whole thread yet but did you hold the culprits accountable?

 

[iBug2]

Again, you can not crack even an unsafe password with only 5 attempts!

You don't crack it with 5 attempts. You guess the security questions and reset it. If there's no 2-step verification, answering security questions is enough to reset your password.

I actually did this to a guy I know from internet back in 2008. I wanted to hack his msn password, and his security question was something like his birth place. I knew which country he lived in, so I attempted with several town names, and got it right on second or third attempt and reset his password.

 

[C DM]

Again, you can not crack even an unsafe password with only 5 attempts!

Not unless you get the right one or the right security questions/responses in less attempts than that.

 

[rmatthewware]

Security questions need to go away. The information is always too easy to obtain. I would make up fake answers, but then I'd have to remember them. Like another password.

 

[Nik]

You don't crack it with 5 attempts. You guess the security questions and reset it. If there's no 2-step verification, answering security questions is enough to reset your password.

Indeed. This goes to the guys who say that a weak password was the issue.

 

[guerro]

Wait, so you mean PASSWORD1234 is not a good password??? Ohmugawd.

 

[tmoerel]

Again, you can not crack even an unsafe password with only 5 attempts!

Crack NO......but if you do some informed guessing it might be enough!!

 

[GeneralChang]

Well, that's reassuring. Not that anyone is going to be trying to brute force hack their way into my iCloud for any reason.

Still though, can we all just agree to turn on 2 step authentication if possible? It's just a good idea.

 

[mdlee2009]

ABC News in San Francisco apparently changed their story headline to be less sensationalist. Compare the headline here with the URL.

"...but the hacker reportedly gained access to the pictures on the victims' cellphones through Apple's iCloud."

They were in the Cloud...they didn't necessarily have to be on their phones. People really don't get the Cloud

 

[iMerik]

Security questions need to go away. The information is always too easy to obtain. I would make up fake answers, but then I'd have to remember them. Like another password.

Make up all of your security question responses and store them in a password manager as a note or whatever for that site or service along with the unique, strong passwords you use.

 

[bpeeps]

I blame the celebrities who have compromising documents stored on the internet behind weak passwords. I especially blame those who have not yet been hacked, but aren't currently strengthening their passwords and removing the compromising files.

You may think they should just leave everything as it is, and hope that they get hacked because that will absolve them of all responsibility.

Yes, let's blame the victims and not the hackers.

 

[iBug2]

Yes, let's blame the victims and not the hackers.

Why can't we do both? To be honest my credit card information was stolen last month and all I did blame was myself. From now on whenever I shop online I use my banks "virtual credit card" system and never ever give my actual credit card info to any online store, other than the major players like amazon.

 

[bushido]

Again, you can not crack even an unsafe password with only 5 attempts!

tell that to hollywood.

OH LOOK he has a picture of his dog on the desk ... the password is probably "Rocky" ... doesnt work.
OOOH i remember his first girlfriend had blond hair. try "blonde" ... THAT WORKED!

every single movie or tv show ever

 

[RimasM]

I will definitely enable two steps verification!

Oh wait...it is not available in my country...

 

[mdlee2009]

You don't crack it with 5 attempts. You guess the security questions and reset it. If there's no 2-step verification, answering security questions is enough to reset your password.

You still have to have a username to do the security questions...How did they get those?

 

[iMerik]

"...but the hacker reportedly gained access to the pictures on the victims' cellphones through Apple's iCloud."

They were in the Cloud...they didn't necessarily have to be on their phones. People really don't get the Cloud

You're quite right. I forget who it was, but one of the celebrities said they had deleted the pictures so the person that stole them has to be an ultra creepy super hacker (my wording, but close enough). No, you just have to understand that deleting the picture from your phone doesn't necessarily mean you deleted it from your cloud service.