Following this week’s nude celebrity photo scandal, Apple has claimed that its iCloud storage system was not breached in the attack- instead hackers were able to guess their passwords by observing their behaviour online and in TV interviews.
After an internal investigation, Apple said a ‘targeted attack’ on some user accounts led to the release of nude celebrity photos but that it found no breach of its cloud storage system.
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said on Tuesday.
‘None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.’
The Apple statement suggested that the celebrities had their accounts hacked by using easy-to-guess passwords, or by giving up their personal data to cybercriminals posing as Apple, a technique known as ‘phishing.’
The statement was the first since the release at the weekend of private, nude pictures of dozens of celebrities including actress Jennifer Lawrence and top model Kate Upton.
‘When we learned of the theft, we were outraged and immediately mobilised Apple’s engineers to discover the source,’ the Apple statement said.
The FBI confirmed it was investigating.
‘The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals, and is addressing the matter,’ the US law enforcement agency said.
‘Any further comment would be inappropriate at this time.’
Bad timing ahead of cloud payments launch?
The news comes one week before Apple is expected to unveil the latest version of the iPhone, with new features that would increase the amount of private, valuable information stored with the company.
Apple has said the new iPhone’s software will feature a way to collect and share health-related data. Another new feature is expected to allow users to pay for real-world items with their iPhone using credit cards stored on iTunes.
Two-factor authentication to stay safe
Apple had more than 320 million accounts for its iCloud service as July 2013. The online system stores photos, music, emails and other data from Apple devices. It also supports other services such as Apple’s Find My iPhone feature that allows people to locate phones that are misplaced or stolen.
Apple suggested that users make sure they have a strong password and they enable two-step verification—a security feature that requires users to first type a password and then perform a second step, such as typing in a code received by text message.
Apple and others offer customers so-called two-factor authentication, an extra layer of security that will allow users to reset a password through a code sent to an email or phone.
Watch this video from the Daily Telegraph expalining how to stay safe with cloud storage: