In case you missed it, a number of high-profile celebrities had their very private images leaked onto the Web. But while it was rumored that Apple’s iCloud infrastructure was to blame for the large-scale breach, the Cupertino giant has stepped out and denied that its services were to blame in an official statement on the matter.
With iCloud and Find my iPhone having been dragged through the mud – and not for the first time – after the latest spate of hacks, it was inevitable that Apple would want to clear things up one way or another. The news outlets and blogs have continued to reference iCloud as the alleged culprit in this particular violation, with Hollywood actress Kirsten Dunst even taking to Twitter to offer to “thank” iCloud for allowing her private snaps to leak online.
But Apple has denied any wrongdoing in a press release, instead suggesting that the attack was down to culprits targeting usernames, passwords, and security questions. From the statement, we can glean that most if not all of those afflicted by this incident did not comply with the highly-recommended two-step verification Apple offers to bolster accounts against such events, and as such, the victims in this case perhaps did not protect themselves as well as they might have.
The press post notes that the company was “outraged” by the incident, and with iCloud being mentioned as the villain, “immediately mobilized Apple’s engineers to discover the source.”
However, following an internal inquest, the company had this to say on the matter:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
Apple does maintain that it is working with the authorities in order to help find those responsible for this whole ordeal, and also recommends that users concerned by this outbreak always opt for a strong password and two-step verification.
So, there you have it. Much like the incident earlier this year where culprits had apparently breached iCloud, the actual issue is that folks don’t take enough care with their passwords. Numbers, letters, and special characters should be aplenty whenever you’re creating your secret passphrase, and even though retyping it can get a little cumbersome, I’m sure many of the celebs involved would rather that than what unfolded earlier this week.