Apple confirms that celebrity accounts were compromised in targeted attack
Since a cache of nude photos of celebrities appeared online, Apple has remained fairly tight-lipped about what may or may not have happened. Right from the start rumors were flying around that Apple's iCloud service may have been comprised or that Find My iPhone may have been to blame. The company said that it was "actively investigating" the suggestions but then things went quiet again. The FBI became involved, but it has been a frustrating 48 hours for anyone trying to find out what happened. Now Apple has issued a statement making it clear that a security attack did indeed take place.
Entitled Update to Celebrity Photo Investigation the statement reads:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
The fact that this is described as a "very targeted attack" should come as some comfort to the average Apple customer, but the company has issued security advice nonetheless.
As reported by the Guardian, the individual who posted the photos to 4chan over the weekend posted a message that suggests there could be more photos to come. "I will soon be moving to another location from which I will continue to post". The post goes on to say: "Guys, just to let you know I didn’t do this by myself. There are several other people who were in on it and I needed to count on to make this happen. This is the result of several months of long and hard work by all involved".
With the imminent launch of the iPhone 6 this all comes at a very bad time for Apple. Security issues and account attacks are never good news, but the company would prefer attention was directed elsewhere at the moment.