Wednesday, December 24, 2014

Apple admits iCloud attack was the source of celebrity leaks

Jennifer Lawrence Kevin Mazur/WireImage

Over the weekend, celebrities such as Jennifer Lawrence and Kate Upton had private photos leaked online. Now Apple has confirmed speculation that the leak was due to hackers targeting the victims' iCloud accounts:

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.

Of course, whether this constitutes a "breach" or not is a matter of opinion. Apple presumably means that the attackers gained access by correctly guessing the victims' "security questions" rather than employing more technically sophisticated hacking techniques.

But either way, Apple bears some responsibility for these attacks. Security researchers have long known that "security questions" aren't very secure — especially for celebrities whose every personal detail is intensely scrutinized by the public.

Get Vox in your inbox!

By signing up, you agree to our terms.

X
Log In Sign Up

forgot?
forgot?
Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot username?

We'll email it to you.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Try another email?

Forgot username?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_10934_tracker