Tim Cook: Apple to Add Security Alerts for iCloud Users, Broaden Two-Factor Authentication

[C DM]

I'm not getting into a debate because none of us really know enough. But if we know that Apple wasn't hacked, then the user accounts must've been breached through simpler methods. That sounds like guessing passwords to me either manually or using a script. It's only possible to guess passwords when you have an unlimited amount of guesses or have enough time to wait for guess attempts to reset. Therefore, most of these photos (the ones from iCloud) could have only been stolen before Apple removed the ability to make unlimited guesses. Do we really know anymore than that at this point?

We do know more, as it's already been covered that for the most part it was resetting passwords through answering security questions, or obtaining them through other means like phishing or social engineering. And that this was part of a larger ongoing thing online from all kinds of services over much longer periods of time than just now/recently.

 

[zipa]

They did think of this before the damage was done. A year and a half ago Apple released 2-step verification.

TBH, this incident was the first time that I heard of it.

 

[C DM]

TBH, this incident was the first time that I heard of it.

But it was there. The fact that people don't look into what they use or keep up with it enough to understand what's available to them doesn't change the the solutions can very well be there for them to use (and were in this case).

 

[76ShovelHead]

I don't think Tim is taking responsibility so to speak, and would like to try to keep Tim vs Steve debate out of this discussion but:

In all honesty, Tim has appropriately addressed this issue by offering consumers support and proactively educating consumers of the importance/including methods to double ones' security.