Scammer Infiltrated Thousands of iCloud Accounts to Find Nude Photos

[bluespark]

1-Apple will hand the government any information they legally have to. Its the law

2-AFAIK iCloud is not encrypted and thus Apple employees can access it and will hand it over with all its content to any legal request

Your sentence to which I responded was "Apple employees can open those files and will hand them over to any goverment [sic] entity when they request them." This is patently false.

 

[SurferPup]

That's why I crop out the faces in my photos.

 

[Shirasaki]

But the user isn’t logging in right? This scammer is getting credentials THEN logging in themselves. So when the scammer try to log in, 2FA would have kicked in. Notifying them of something suspicious.

Oh ok so if that happens 2FA will trigger.

 

[matrix07]

The issue here is: when 2FA notification pops up? It must happen after the user enters Apple ID and password, and said website or application must send a login request to Apple, and then Apple triggers 2FA for users to confirm. Will that fake Apple ID website triggers 2FA login prompt, which depending on people's stupidity, could either tap allow or don't allow. For me, when I try to log in to my Apple ID from https://appleid.apple.com from a browser that is not trusted, 2FA will trigger, as soon as I hit the arrow. Will that 2FA website triggers it? Or it is just a fancy keylogger that saves your entered Apple ID and password without triggering 2FA?

If someone could brief me on these details I'd be much appreciated.

I believe it needs a permission from your trusted devices to allow the login. If the hacker tries to access your account from his device/browser then he wouldn't be able to unless you explicitly allow it.

 

[Shirasaki]

I believe it needs a permission from your trusted devices to allow the login. If the hacker tries to access your account from his device/browser then he wouldn't be able to unless you explicitly allow it.

Ok, in that case, 2FA will trigger and there will be a prompt.

 

[smoking monkey]

That's why I crop out the faces in my photos.

What? In every single photo? So you haven't taken a photo of anybody with your iphone with their face in the frame?

If so and that's what you mean... WOW!

Are you a member of a SLSC? If so, you know they got you on camera every single time you go in there. The local Supermarket - Woolworths or Coles... they got you on camera as well. They can use it if law enforcement agencies ask for it.

 

[MacBH928]

Your sentence to which I responded was "Apple employees can open those files and will hand them over to any goverment [sic] entity when they request them." This is patently false.

https://www.rd.com/article/is-icloud-safe/ :

"Huth explains, “Third parties will only ever see encrypted, random data without any associated metadata. Since this uses strong encryption (the Advanced Encryption Standard with 128-bit keys), and since Apple holds those keys, privacy can be maintained against those third parties—but not against Apple.”"

 

[bluespark]

https://www.rd.com/article/is-icloud-safe/ :

"Huth explains, “Third parties will only ever see encrypted, random data without any associated metadata. Since this uses strong encryption (the Advanced Encryption Standard with 128-bit keys), and since Apple holds those keys, privacy can be maintained against those third parties—but not against Apple.”"

That doesn't contradict what I said, and this is getting tiresome. Yes, Apple holds the encryption keys -- no secret there -- and no, Apple doesn't "open those files and will hand them over to any [government] entity when they request them." But we don't need to keep debating this. If you think that Apple opens your photos and hands them over to the government upon request, then use something else.