Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Celebrity iCloud Accounts Compromised by Weak Passwords, Not iCloud Breach

phillipduran said:
Let me put my home entertainment gear in the back of an open truck and park it in a bad part of Detroit while I go eat lunch in a restaurant.
Now tell me how I'm not, in some part, to blame when I get back and all of the electronics are gone.
Click to expand...

They did not leave the truck open. They entered a password, answered the security questions. That's it. It's like blaming someone telling him that the electronic had been stolen because the window's glass was not bullet proof.

Dude, it's not that they shot their private version of 2girls1cup and put it on a non-public youtube channel. They put some private pictures on a private, protected backup server.
 
gotluck said:
well the system really shouldnt allow weak passwords, I thought icloud already didnt allow weak passwords to begin with, so i am confused.
Click to expand...

What's your definition of weak? You can't use 12345678 but that doesn't mean the system forces you to choose very strong passwords either.

In any case, I doubt any of these photos were gotten through trying out passwords. That's the least effective method I can think of.
 
SMIDG3T said:
Serves them right having such a weak password.

I bet "password" or "abc123" were used.

What do you expect "celebrities"? I knew iCloud was stronger than that.
Click to expand...

No it does not 'serve them right'. Since when does someone deserve to have their privacy invaded?
 
iBug2 said:
The photos did not appear out of nowhere in the celeb photo ring obviously. Some of them probably are from iCloud accounts.
Click to expand...

From experience...it's much easier to gain access via security questions than brute force. True, some of them may be from iCloud, but I doubt it was obtained with brute force.
 
Amacfa said:
From experience...it's much easier to gain access via security questions than brute force. True, some of them may be from iCloud, but I doubt it was obtained with brute force.
Click to expand...

That's what I said. Even I hacked someone's msn password once using security questions, it took 15 minutes.
 
Amacfa said:
Umm yeah..
Image
Click to expand...

Like I said, I didn't read everything out there; especially a foreign site. But I will address your post. Here's what I see:

Are your iCloud photos still at risk? - Considering the circumstances this was a valid question don't you think? Apple just recently posted a response.

Apple unable to offer assurances to millions of users 24 hours after hackers leaked 101 celebrities' naked images online. - I see nothing untrue here. Again, Apple didn't post a response until 40+ hours later.

Click bait headline? Sure. I still don't see bashing. I would love to know how you qualify this as bashing. I'm not being snarky when I say that. I'm genuinely curious how you get bashing from what you presented. Was the accompanying article a hit piece? Not sure because you only presented the headline to give me an example of Apple bashing. I don't think this was the best example.
 
gotluck said:
if it was a breach (brute force), would apple actually admit it?

wouldn't a third party have to prove it was a breach for apple to admit it?

the same would hold true for any company, not just apple

why would any company take the heat if they didn't have to?
Click to expand...

They probably would admit it. They've admitted other major problems. BTW, again, if you'Re using a very weak password, I'm loath to call whatever breach occurs : brute force.
 
The timing of the release reveals that the "masterminds" of the leaked photos are anything but.

Anyone that wanted to do serious PR damage to Apple would've done so the day preceding, the day of, or the day after the keynote on the 9th - significantly altering the public's focus and potentially costing Apple sales based on fear of the security of their cloud systems.

Enable two-factor authentication, kids.
 
69Mustang said:
Like I said, I didn't read everything out there; especially a foreign site. But I will address your post. Here's what I see:

Are your iCloud photos still at risk? - Considering the circumstances this was a valid question don't you think? Apple just recently posted a response.

Apple unable to offer assurances to millions of users 24 hours after hackers leaked 101 celebrities' naked images online. - I see nothing untrue here. Again, Apple didn't post a response until 40+ hours later.

Click bait headline? Sure. I still don't see bashing. I would love to know how you qualify this as bashing. I'm not being snarky when I say that. I'm genuinely curious how you get bashing from what you presented. Was the accompanying article a hit piece? Not sure because you only presented the headline to give me an example of Apple bashing. I don't think this was the best example.
Click to expand...

Of course it is bashing. First of all why does it say "Apple" when people weren't even sure it was iCloud and iCloud alone as the source of the photos?
 
iBug2 said:
What's your definition of weak? You can't use 12345678 but that doesn't mean the system forces you to choose very strong passwords either.

In any case, I doubt any of these photos were gotten through trying out passwords. That's the least effective method I can think of.
Click to expand...

the real question is what is apple's definition of weak, and why are they allowing what they consider to be weak passwords

internal security audit should nip stuff in the butt like this
 
keysofanxiety said:
What's more likely:
...

B) The people in question don't understand photostream, had poor passwords, and unwittingly had copies of the pictures distributed by their ex-boyfriends

But hey, you bet away on the bruteforce.
Click to expand...
I don't understand the `poor passwords` thing. So they just randomly guessed JLaw's password was "IamtheLAW" in the first guess? In case of a bruteforce the simplicity of the password does have influence, since they can run the x amount of most used passwords and shazam.

Of course the images could be distributed by ex-boyfriends, but I find it weird that all of a sudden these all show up in the same hacker/group.

I also don't understand they don't understand photostream. I'm not a user myself, but it's not as if it is going give access to random people, right? Or what am I missing?
 
69Mustang said:
Like I said, I didn't read everything out there; especially a foreign site. But I will address your post. Here's what I see:

Are your iCloud photos still at risk? - Considering the circumstances this was a valid question don't you think? Apple just recently posted a response.

Apple unable to offer assurances to millions of users 24 hours after hackers leaked 101 celebrities' naked images online. - I see nothing untrue here. Again, Apple didn't post a response until 40+ hours later.

Click bait headline? Sure. I still don't see bashing. I would love to know how you qualify this as bashing. I'm not being snarky when I say that. I'm genuinely curious how you get bashing from what you presented. Was the accompanying article a hit piece? Not sure because you only presented the headline to give me an example of Apple bashing. I don't think this was the best example.
Click to expand...
Jumping to a false conclusion is as close as it gets to acceptable media bashing
 
phillipduran said:
This don't blame the victim thing is too disconnected from reality.

Let me put my home entertainment gear in the back of an open truck and park it in a bad part of Detroit while I go eat lunch in a restaurant.

Now tell me how I'm not, in some part, to blame when I get back and all of the electronics are gone. People would say to me, that was really dumb that you did that, and what were you thinking?

You make bad choices, you are in part to blame. The internet is a dangerous place and you need to harden your security against it. Failure to do so puts you and your information at risk. If this was a problem caused by using weak passwords, like your dogs names or kids birthday, then you are in part to blame for not doing your part.

Don't be dumb, if you are, you deserve the ridicule. What was John Wayne's quote? "Life is hard; it's harder if you're stupid."

I'm not giving these folks a free pass if it was bad password choices. They chose to be on the stage and in the spotlight. You darn sure better be making good choices when it comes to securing your information because the wolves are going to be out there looking to exploit you.
Click to expand...

Only that analogy fails because they locked up their account with a password. They didn't post it on twitter or FB and then cry when it was "taken" from them
 
neuropsychguy said:
What!? My password oscar4me wasn't good enough?

/I know a lot of very intelligent people who use simple passwords and I'm not blaming the victims but we need a strong campaign educating people about what are and are not good passwords. Apple's work with suggested passwords is a great start (if only people will use it).
Click to expand...

No, please no. I'm sick of every single stupid website where I have to make an account I don't care about forcing me to have a secure password that I won't remember, especially when I'm forced to use weird things like exclamation points and capital letters in it. Yes, I put secure passwords on things I care about, but my password for 90% of my accounts is the same simple, hackable, DGaF password that I'll remember easily.

By the way, there's another security problem people seem to be ignoring. Why did these celebrities put nude photos of themselves on iCloud in the first place? Honestly, I think this whole thing was intentional.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back