According to a statement Apple released to the media on Tuesday, hackers targeted individual celeb iCloud accounts. Apple’s vague statement leaves a number of questions unanswered and appears to blame its loyal and trusting users.
The statement released by Apple is below:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
Apple’s vague response to the hacking of celeb accounts does not explain how the hackers were able to access celebs’ individual iCloud accounts.
Apple’s artfully (and lawyerly) worded statement states there was a “very targeted attack on user names, passwords and security questions” but Apple fails to say whether a flaw on Apple’s end allowed hackers to gain access to celeb accounts. Based on Apple’s statement, the main theory on the web – a brute-force attack on iCloud accounts – seems likely, with a flaw in Apple’s systems allowing hackers to use trained monkeys to repeatedly guess a user’s username and password. This is not a new type of attack on iCloud and should not come as a surprise to Apple. Apparently, attacks on individual iCloud accounts have been going on for quite some time. Hackers known as “iCloud rippers” have been stealing photos from iCloud and posting them online on services such as AnonIB (NSFW).
In my earlier posts I noted that I was pleased with Apple’s efforts. However, with new information coming to light, it is disconcerting to learn that Apple appears to have known of vulnerabilities in its cloud systems for quite some time but failed to take any action to plug the vulnerabilities to protect its users’ data. Instead of fixing the vulnerabilities in its systems and admitting to the error of its ways, Apple seems to be blaming its users for not using strong passwords or two-factor authentication.
Apple won’t acknowledge how vulnerable iCloud is, of course—not with new iPhones to unveil in exactly a week. And really, do you think the company that told us to hold our defective iPhones differently will admit your naked sexts are easy to steal? This is the house of arrogance that Steve Jobs built, and it’s on the verge of releasing a new version of iOS that backs up not just your last 1,000 iPhone photos, but all of them, along with your digitized health data. This is the last company on Earth you should want feeling too proud to admit it fucked up.
Apple better get its shit (and security) together before the release of its iOS 8 update that will store even more of a user’s personal health and fitness (medical) data in the cloud on Apple’s servers.
As new reports and statements are released relating to the hack of celeb accounts, we will continue to keep you updated.