quote:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at https://support.apple.com/kb/ht4232.

Looks like a little social engineering is to blame.

This post was edited on 9/2/14 at 1:45 pm

8 ...

Report Post

Posted by HailToTheChiz

Back in Auburn

Member since Aug 2010

49156 posts

Posted on 9/2/14 at 1:43 pm to colorchangintiger

Riiiight

1 ...

Report Post

Posted by CAD703X

Liberty Island

Member since Jul 2008

78617 posts

Posted on 9/2/14 at 1:49 pm to colorchangintiger

quote:
we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at

because like apple can't enforce stronger password creation rules??

scottrade, salesforce.com and my bank require not only much more rigid letter/number combinations than apple but they also require i change them on regular intervals as well.

eta icloud noods not as important as my last stock trade i guess.

This post was edited on 9/2/14 at 1:51 pm

2 ...

Report Post

Posted by gmrkr5

Member since Jul 2009

14904 posts

Posted on 9/2/14 at 1:49 pm to colorchangintiger

wtf is it then Apple

where is my LOL face...

here it is...

This post was edited on 9/2/14 at 1:50 pm

0 ...

Report Post

Posted by Spock's Eyebrow

Member since May 2012

12300 posts

Posted on 9/2/14 at 1:51 pm to colorchangintiger

Here's hoping they're not playing games with the word "breach", because if those accounts were brute forced, that would be pretty Clintonesque of them.

0 ...

Report Post

Posted by gmrkr5

Member since Jul 2009

14904 posts

Posted on 9/2/14 at 1:51 pm to colorchangintiger

quote:
Looks like a little social engineering is to blame.

Social engineering of some sort was used to obtain the IDs but a flaw in find my iphone allowed for the brute force attempts to occur. apple should have locked the IDs after multiple failed tries but it did not.

2 ...

Report Post

Posted by Scoop

RIP Scoop

Member since Sep 2005

44583 posts

Posted on 9/2/14 at 2:40 pm to colorchangintiger

Another thing worth noting is that this wasn't as simple as just taking pictures saved to photo stream. There were apparently videos and for you non Apple users, videos do not back up to photo stream. Those would have to come from phone back ups and apparently Apple's security set up does not allow back ups to be pulled down to a computer.

This post was edited on 9/2/14 at 2:47 pm

1 ...

Report Post

Posted by jdd48

Baton Rouge

Member since Jan 2012

22165 posts

Posted on 9/2/14 at 3:23 pm to colorchangintiger

Look closely at the semantics here - "None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. "

So, how many cases is that? 1? 5? 25? They've clearly left themselves room to walk it back by not specifying an actual number.

1 ...

Report Post

Posted by Fireman17