As the FBI continues its investigation into an incident over the weekend that saw the private photos of more than 100 celebrities posted online by hackers after a suspected iCloud security breach, Apple on Tuesday issued a statement outlining what it had learned so far during its own investigation.
“We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” the Cupertino company said. “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
In other words, the tech giant is saying its computer systems are secure, and suggests hackers obtained the content via methods that focused on specific individuals with Apple accounts. While it may be reassuring to know that hackers were unable to steal masses of user information in one fell swoop, it remains a concern that they were able to find a way around Apple’s online security system to break into the accounts of so many people.
In fact, Apple’s advice in its statement that users enable two-step verification for their accounts suggests that without it, vulnerabilities remain for hackers to exploit.
It’s been suggested by some security experts that hackers in this latest incident followed the tried and tested method of tricking users into giving up log-in information through bogus emails purporting to be from Apple, which ask users to verify their Apple IDs by providing information via a link within the email. It’s also thought that special software ordinarily used by security agencies to pull data from Apple’s smartphone could have played a part in the attack on celebrities’ iCloud accounts.
Related: Will passwords ever go away?
The material recently nabbed by hackers includes naked and semi-naked photos and videos of 101 celebrities, among them Oscar-winning actress Jennifer Lawrence, model and actress Kate Upton, and singer Rihanna. Some of those hit in the attack have said the photos claiming to be of them are fake, while others have confirmed their authenticity.
The FBI said Monday it was “aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals,” adding that it was “addressing the matter.”
Apple launched iCloud in 2011 as a place for users to remotely store and back-up content such as music and photos. With the company days away from launching its new iPhone, together with iOS 8, the hack couldn’t have come at a worse time. The updated iOS is expected to mark a significant move into mobile payments as well as health and fitness, though in the light of this week’s events, users are likely to be more wary about storing personal information in the cloud until they can be convinced of the reliability and safety of Apple’s online security systems.