September 2, 2014

Apple Denies Find my iPhone/iCloud Security Breach



Apple has responded to the recent hackings of celebrity’s iCloud accounts which resulted in leaked private and revealing photos of well-known stars such as Jennifer Lawrence and Kate Upton.

Apple says neither iCloud or Find my iPhone has been breached after a 40 hour investigation done by the company. Apple says that “certain celebrity accounts were compromised by a very targeted attack on usernames, passwords, and security questions”.

Leaked, personal images of celebrities started appearing on a Reddit thread on the 31st of August 2014. Many users has claimed that the photos were obtained through a vulnerability in Apple’s iCloud server and were found in celebritie’s photo streams. When taking a photo on an iPad, iPhone, or iPod Touch, iCloud automatically syncs it with the user’s photostreams. Although some celebrities such as Trisha Hershberger reported that they do not even use an iPhone, lead many to believe that iCloud was not entirely at fault and the images were obtained through other sources.

Reports has also claimed that the hacker has also acquired videos and plans to sell them to TMZ for a few thousand dollars. These of course, were all from an anonymous source on the 4chan /b/ thread and could be a real threat.

Apple recommends that users should use a strong password and enable two-step verification on iCloud accounts to prevent any future hackings. The company also says that it is working with law-enforcement to track down the hackers. The FBI is also investigating the alleged hackings.

Photostream syncs your photos to your iCloud account.
Full statement from Apple Inc :

             CUPERTINO, Calif.–(BUSINESS WIRE)–We wanted to provide an update to our                                            investigation into the theft of photos of certain celebrities. When we learned of the
             theft, we were outraged and immediately mobilized Apple’s engineers to discover 
             the source. Our customers’ privacy and security are of utmost importance to us.
             After more than 40 hours of investigation, we have discovered that certain celebrity 
            accounts were compromised by a very targeted attack on user names, passwords 
            and security questions, a practice that has become all too common on the Internet. 
            None of the cases we have investigated has resulted from any breach in any of
            Apple’s systems including iCloud® or Find my iPhone. We are continuing to work 
            with law enforcement to help identify the criminals involved.

            To protect against this type of attack, we advise all users to always use a strong 
            password and enable two-step verification. Both of these are addressed on our 
            website at http://support.apple.com/kb/ht4232.