Sep 02, 2014

How were so many celebrities’ iCloud accounts compromised?

Not to delve in to the files that were stolen, but I assume most people have heard about the multiple celebrities’ iCloud account that have been breached and had their private content stolen. I would assume it was some weak password if it had been one celebrity, but multiple high profile accounts being compromised at the same time suggests something more serious. Is there a security flaw in iCloud, or did someone just get lucky?

How easy is it to crack into an Apple iCloud account? We tried to find out

"Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions. This is assuming they don’t have two-step verification enabled.

If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts. You don’t require access to their email. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled.

While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used. "

I have heard speculation that there was a possible “man in the middle” attack at the Emmy Awards, but I haven’t seen any real evidence of that, and Apple apparently doesn’t think that was the cause either. 


Apple just released the following statement: 

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet." 

Answer this