Skip to main content

Apple says stolen celeb photos result of ‘very targeted attack,’ insists iCloud is safe

apple has to pay 348 million in fines for tax evasion italy hq logo
Image used with permission by copyright holder
As the FBI continues its investigation into an incident over the weekend that saw the private photos of more than 100 celebrities posted online by hackers after a suspected iCloud security breach, Apple on Tuesday issued a statement outlining what it had learned so far during its own investigation.

“We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” the Cupertino company said. “None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

In other words, the tech giant is saying its computer systems are secure, and suggests hackers obtained the content via methods that focused on specific individuals with Apple accounts. While it may be reassuring to know that hackers were unable to steal masses of user information in one fell swoop, it remains a concern that they were able to find a way around Apple’s online security system to break into the accounts of so many people.

In fact, Apple’s advice in its statement that users enable two-step verification for their accounts suggests that without it, vulnerabilities remain for hackers to exploit.

It’s been suggested by some security experts that hackers in this latest incident followed the tried and tested method of tricking users into giving up log-in information through bogus emails purporting to be from Apple, which ask users to verify their Apple IDs by providing information via a link within the email. It’s also thought that special software ordinarily used by security agencies to pull data from Apple’s smartphone could have played a part in the attack on celebrities’ iCloud accounts.

Related: Will passwords ever go away?

The material recently nabbed by hackers includes naked and semi-naked photos and videos of 101 celebrities, among them Oscar-winning actress Jennifer Lawrence, model and actress Kate Upton, and singer Rihanna. Some of those hit in the attack have said the photos claiming to be of them are fake, while others have confirmed their authenticity.

The FBI said Monday it was “aware of the allegations concerning computer intrusions and the unlawful release of material involving high-profile individuals,” adding that it was “addressing the matter.”

Apple launched iCloud in 2011 as a place for users to remotely store and back-up content such as music and photos. With the company days away from launching its new iPhone, together with iOS 8, the hack couldn’t have come at a worse time. The updated iOS is expected to mark a significant move into mobile payments as well as health and fitness, though in the light of this week’s events, users are likely to be more wary about storing personal information in the cloud until they can be convinced of the reliability and safety of Apple’s online security systems.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
iCloud doesn’t encrypt your data, but these cloud storage apps do
Encrypted Cloud

By now, it's well-known that Apple does not encrypt your iCloud backups, but there's no need to fret. There are plenty of other ways to accomplish the task of securely backing up your data to the cloud. Several services offer more secure storage with various encryption options. Here are the iOS apps to consider if privacy is your thing.
Tresorit

Tresorit offers encryption services for business, enterprise, and personal users. Secured with AES 256 end-to-end encryption, your files are safe both on the company’s servers and while in-transit to your device. Tresorit stores your data across multiple Microsoft Azure data centers in the European Union. The company is headquartered in Switzerland, which has stricter privacy laws than most other countries, including the U.S. Tresorit features include document version tracking and the ability to share drive documents securely. Prices range from free to $24 per month.

Read more
Report says Apple doesn’t secure iCloud backups because the FBI asked it not to
Sign in to iCloud

Apple has been caught in a public tussle with the government over unlocking iPhones of suspects in investigations far too many times but the company has invariably sided with its privacy principles refusing to budge and offer access. Behind the scenes, however, Apple may have been a lot more obliging with U.S. law enforcement and intelligence agencies.

A new Reuters report claims Apple backtracked on its plan to end-to-end encrypt iPhone owners’ iCloud backups after the FBI, citing that the move would harm investigations, hounded it not to go ahead with it two years ago.

Read more
Don’t buy this new Motorola phone — get this other one instead
Renders of the Moto G 5G (2024) and Moto G Power 5G (2024).

the Moto G 5G (left) and Moto G Power 5G Digital Trends

Budget phones can slip under the radar when shiny, powerful flagships launch. But if you're in the market for a smartphone that gets the job done and won't blow a four-figure hole in your bank balance, then a great budget smartphone is the way to go.

Read more