NewsBite

Apple says iCloud storage system not breached but passwords on celebrity accounts compromised in targeted attack

APPLE says that some celebrity accounts were compromised in a “targeted attack” but has found no signs of a breach of its iCloud storage system.

Apple plays down security concerns in nude photo scandal

APPLE says a “targeted attack” on some user accounts led to the release of nude celebrity photos but that it found no breach of its cloud storage system.

“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said on Tuesday.

“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

The statement was the first since the release at the weekend of private, nude pictures of dozens of celebrities including actress Jennifer Lawrence and top model Kate Upton.

“When we learned of the theft, we were outraged and immediately mobilised Apple’s engineers to discover the source,” the Apple statement said.

Targets ... Oscar-winner Jennifer Lawrence and pop star Rihanna had their private images stolen in the attack. Picture: AFP
Targets ... Oscar-winner Jennifer Lawrence and pop star Rihanna had their private images stolen in the attack. Picture: AFP

The FBI confirmed it was investigating.

“The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals, and is addressing the matter,” the US law enforcement agency said.

“Any further comment would be inappropriate at this time.”

The Apple statement suggested that the celebrities had their accounts hacked by using easy-to-guess passwords, or by giving up their personal data to cybercriminals posing as Apple, a technique known as “phishing.”

Hundreds of nude pictures of the stars were apparently posted, causing shockwaves in Hollywood and in the computer security community.

Among the scores of celebrities whose pictures were allegedly stolen were singer Avril Lavigne, actress Hayden Panettiere and United States soccer star Hope Solo.

Former Nickelodeon star and singer Victoria Justice said the images claiming to show her nude were anything but the real deal.

Security breach ... Among the scores of celebrities whose pictures were allegedly stolen was singer Avril Lavigne. Picture: C Flanigan/Getty Images
Security breach ... Among the scores of celebrities whose pictures were allegedly stolen was singer Avril Lavigne. Picture: C Flanigan/Getty Images

Chris Morales, a security specialist with NSS Labs, told AFP the hack appeared to be going on for some time, accessing multiple accounts -- not just of celebrities but of their friends and associates.

“The pictures weren’t just from celebrity accounts,” Morales said.

“They might have been from friends or ex-boyfriends or other people. Someone did a lot of digging.”

Morales added that it is possible that the person or persons who leaked the pictures were not the hackers, but obtained the photos later.

“The people who put it online were trying to trade photos for bitcoins,” he said.

“It was claimed that this was a sampling of a bigger cache.”

Morales said Apple’s security practices may be called into question but that it is following industry standards.

“They want to make it easy to use, so it is easy to hack,” he said.

Apple and others offer customers so-called two-factor authentication, an extra layer of security that will allow users to reset a password through a code sent to an email or phone.

HEY, NUDES, GET OFF OF MY CLOUD

Original URL: https://www.news.com.au/technology/online/security/apple-says-icloud-storage-system-not-breached-but-passwords-on-celebrity-accounts-compromised-in-targeted-attack/news-story/f5741a1205bc2c05ad3ce2ff1e66d5f5