October 22, 2014
Apple says systems not to blame for celebrity photo hacking
The week before a crucial launch of its new iPhone, Apple Inc said intimate photos of celebrities including Oscar-winner Jennifer Lawrence were leaked online through the apparent hacking of individual iCloud accounts.
Apple rushed to restore confidence in its systems' security, saying the celebrity photo scandal that also ensnared swimsuit model Kate Upton, actress Kirsten Dunst and possibly dozens more was the result of targeted attacks on accounts storing personal data and not a direct breach of Apple systems.
"We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," Apple said in a statement.
"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find My iPhone."
The celebrity hacking that came to light over the long Labor Day weekend nevertheless ranks among the highest-profile public fiascos for Apple in recent years.
Apple's iCloud service allows users to store photos and other content and access it from any Apple device. Security in the cloud has been a paramount concern in past years, but that has not stopped the rapid adoption of services that offer reams of storage and management of data and content off smartphones and computers.
Regardless of how the leaking of nude celebrity photos actually happened, the timing could not have been worse for Apple as it prepares to launch a new iPhone next week.
It also underscored the longer-term risks for mobile users as smartphones increasingly become the repository for far more sensitive healthcare, banking and personal data.
"Every great innovation is convenient but also a big opportunity for the bad guys in the world," said Marc Maiffret at security firm BeyondTrust.
Cybersecurity experts say the perpetrators possibly gleaned the celebrities' email addresses and mounted a long-term phishing attempt - a relatively straightforward attack through which hackers gain access to users' accounts by getting them to click on a compromised URL or Internet link.
The photos were posted on image-sharing forum 4Chan, prompting Lawrence's representatives to describe their release as a "flagrant violation of privacy" and contact law enforcement authorities.