Apple On iCloud Breach: It's Not Our Fault Hackers Guessed Celebrity Passwords
Apple Inc. (NASDAQ:AAPL) says it spent 40 hours investigating the theft of nude photos from celebrity iCloud accounts and came to one conclusion: It's not our fault.
In a statement, the company refers to the hack as “a very targeted attack on user names, passwords and security questions," rather than a systemic vulnerability of Apple's cloud-based services. The statement leaves unresolved exactly how celebrities such as Ariana Grande, Avril Lavigne and Kate Upton would have private photos stolen and posted on the message board 4chan.
Apple's statement claims the burglars didn't break into its systems, but simply looked for places people typically leave the keys to their own data. Many observers attribute the attack to what's called a “brute force” method, which guesses a dictionary’s worth of passwords on a select account or group of accounts until it guesses correctly. The account is compromised, but only as a result of entering a correct password.
A security researcher named Alexey Troschichev revealed that it’s possible to marry this exploit to a list of common passwords to get a computer’s help in guessing the correct password. A flaw in the Find My iPhone API makes it possible for bad guys to guess your password over and over again without being locked out, and Apple patched this flaw hours after the hack was revealed.
Apple's full statement below:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
© Copyright IBTimes 2024. All rights reserved.