Apple says iCloud is not to blame for leaked celebrity nudes

Photo: Jim Merithew/Cult of Mac

Photo: Jim Merithew/Cult of Mac

Apple flat-out denies that an iCloud security breach led to the trove of celebrity nudes that leaked over Labor Day weekend. “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone,” said the company in a statement.

Private photos of stars like Jennifer Lawrence were posted on the internet over the weekend, and initial reports pinned the hack on a flaw in iCloud’s login security.

The Next Web reported on a tool that allowed a hacker to attempt an unlimited number of “brute force” login attempts on an iCloud account. Apple quietly patched the flaw in a pretty short amount of time, but there’s been speculation that a similar technique was used to gain access to celebrities’ photos.

After investigating the issue, Apple has come to the conclusion that its security is not to blame. Instead, the company says the photos are a result of a “targeted attack” on celebrity user names and passwords. The FBI is investigating, and Apple is working with law enforcement to identify the hackers.

Two-step verification, a security measure Apple offers, likely would have prevented hackers from accessing the photos. The problem is that two-step verification is pretty complicated to enable, and it requires some digging to access that normal iCloud users won’t attempt.

Ensuring iCloud’s security to the public is incredibly important to Apple right now

In light of Apple’s HealthKit API and the proposition that iCloud will likely be storing personal health data in the near future, ensuring iCloud’s security to the public is incredibly important to Apple right now. Media scrutiny is high, and Apple can’t afford for iCloud to be labeled insecure ahead of its new hardware and software launches this fall.

Apple’s full statement:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

  • Michael Smith

    Completely wrong about the difficulty in activating. Setting up 2 factor with Apple was much simpler than with Google.
    Once activated on Apple you get a message on your registered device with the unlock code. And the 3 days waiting period is being responsible, it would suck if someone locked you out of your account without your knowledge.
    Maybe the process has gotten better with google but when I activated it you had to download an app and scan in a code, print out a list of backup codes, and every step of the process feels like you are about to make a mistake and lock yourself out of your account forever. I still don’t quite understand how the Google Authenticator App works. I believe its time based because at one point my clock was off and the signup was not accepting the codes. That was a very stressful day until I figured it out.

  • AAPL_@_$101_Is_A_Done_Deal_:)

    Too late. The whole world already believes iCloud is insecure because the news media likes to jump the gun when it comes to reporting something about Apple. Even if Apple tries to explain it wasn’t their fault the haters will claim that Apple is trying to cover up a breach before the iPhone 6 event. That’s how it is when the news media is trying to find every little fault with a company. They always want to believe the worst and ignore the truth.

    • I’m batman

      Amen!

    • NitzMan

      I agree with you, however in this situation I think that Apple should be more proactive in making a statement. Get a company representative to speak to the press and answer their questions. The media loves dishing out FUD, so in issues of security, Apple should be on the front line.

      What I think Apple needs to do now is run a security campaign to just let people know how secure iCloud and the rest of their products really are.

    • Harlon Katz

      Come on – the opposite is true. Most of this has been white-washed to protect Apple’s image. When this first came out, nothing was really stated about Apple or iCloud – that part was kept out of the press for a while. If anything, the media fawns over Apple, giving them a free pass when companies like MS or Google would be skewered.

  • Kr00

    If well known people are going to use their public emails as an ID to any service, they’re dumb, but then taking multiple nude pictures of yourself with a device that uploads them to the cloud, is another sign of their intelligence. What is it with these people and nude pics and sex videos?

    • Steven

      Probably the same thing it is with 99.9% of the general public who know how to use a smartphone – they just don’t know how to use it safely and securely. As the defacto Apple guy in my office, I can’t tell you how many times I’ve tried explaining iCloud, Photostream and other pretty basic services to people whose eyes glass over in about 15 seconds. They may have 3,000 pics on that phone, but they have no idea where the pics are stored, where they are uploaded, etc. In this regard, they are as ignorant about tech as I am about car mechanics or guns, for example.

      And maybe you should be a little less judgmental about what people do with their personal tech in their own private lives. If Jennifer Lawrence wants to take nude pictures, she had every right. And ONLY if she decides to show them to the public should they ever be seen by anyone other than those with whom she shares them.

      • Kr00

        So I can’t be judgemental, but you can? Nice. Thanks.

        Its called an opinion. Am I allowed to have one of those, aren’t I? Talk about being judgemental.

        My point is, in my “opinion”, you or anyone are a fool if you take nude pics or sex videos of yourself, regardless of what you use. Now can I breathe the air?

      • Steven

        Not really sure where my reply was judgmental. I did use the word ignorant, but in context it’s obvious I used it in the purest sense of the word, as in having no knowledge of something, as I expressed my lack of knowledge in mechanics and guns. I didn’t even say anything judgmental about you, especially nothing to warrant your response.

      • Kr00

        If you don’t like my opinion, just say so. You going on a rant about how wrong I am to have such an opinion, is being judgemental, is it not? Your opinion on this is no more right or wrong than mine. Enjoy your opinion, just don’t tell me how I should think. Whatever you believe, I won’t change my thoughts on morons taking nude selfies.

  • Green Bean Jimmy

    Can you confirm that several nudes of you have been leaked?

  • SuperJ Consulting

    It’s a bad idea to put sensitive data into the cloud. Apple’s fault is pushing users to put EVERYTHING into the cloud, leaving no options for offline syncing of that sensitive stuff

About the author

Alex HeathAlex Heath is a senior writer at Cult of Mac and co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , |