iCloud security not breached in hack, Apple claims
Apple has issued a statement claiming its iCloud storage platform was not widely compromised by an attack that resulted in the capture and wide dissemination of personal photos of over 100 celebrities.
The company says an internal investigation showed the theft the result of a “very targeted attack on usernames, passwords and security questions.”
After 40 hours probing the incident, Apple says it has found no evidence of its iCloud or Find My iPhone services were "breached" during the attack.
The company played up the need for users to deploy strong passwords two-step ID verification in order to protect themselves from hacks and claims it is working with the authorities to identify the perpetrators of the celebrity hack.
Notably, there was no hint of an apology to those affected.
The statement, in full, reads. “We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
“To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://ift.tt/1plXoL1.”
Apple’s denial its services were breached on a wide scale, detracts from the fact that these photos were still taken from iCloud accounts, which were accessed by unauthorised parties.
Reports on Monday had suggested a vulnerability within the Find My iPhone app had potentially allowed hackers to use a “brute force” attack to overwhelm the service with password requests, without them locking out after a certain number of attempts.
Apple’s media advisory does not make clear whether it considers such a “brute force” attack as a breach of its defences or whether this is how the perpetrators managed to get in to the accounts. Trusted Reviews has reached out to Apple for clarification.
Read more: Apple announces iCloud Drive at WWDC