Apple: Stolen Celeb Nudes Were Result Of Good Guessing, Not Data Breach
In a statement released this afternoon, Apple explains (bolded for emphasis):
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
The question is what, exactly, constitutes a data breach.
No, the hackers did not find some back door in iCloud or the Apple network to access these victims’ accounts.
So that should be some comfort for people who might have been worried that these stolen images were just part of a much larger data heist, or that there was some easily exploitable hole in iCloud.
But what the Apple statement does not address is the original claim made by hackers that they were able to unlock these victims’ accounts via brute force, by repeatedly trying passwords and/or security questions until they succeeded.
This should not be an option, and the fact that outsiders were able to eventually figure out these answers does still raise concerns about Apple’s safety protocols. So it’s not a data breach, but personal data has been stolen.
The only way in which Apple could be completely blameless is if these hackers had gained access to passwords and security questions through other means and were able to enter them into the account within the first few attempts.
Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.