Apple denies breach in celebrity iCloud 'hack'

Summary:Apple admits accounts compromised but states: 'None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.'

Apple releases statement on celebrity photo breach, denies culpability - Jason O'Grady
(Slide: Apple Inc.)

After telling Recode that it was "actively investigating" if iCloud accounts had been hacked, Apple today issued a statement on the recent hack and release of celebrity photos.

After compromising photos and videos of celebrities, including Jennifer Lawrence and Kate Upton, were released on image-sharing site 4chan on Sunday, Apple "mobilized Apple’s engineers to discover the source."

The statement says, in part that the Apple accounts of the celebrities were compromised: 

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.

In the statement, Apple claims that iCloud and Find My iPhone were not breached:

None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.

Apple carefully worded the statement and didn't outright deny that the data came from iCloud or Find My iPhone. Instead, Apple said that "none of the cases we have investigated" were as a result of a system breach.

Some have speculated that the racy content may have come from iCloud backups (as opposed iCloud photos) because the leaked data included some videos – which aren't currently stored directly on iCloud.

Must See Gallery

Tax refund buying guide: 10 mobile devices from $150 to $17,000

With the average American getting nearly $3,000 of their money back from the government many are looking to treat themselves to a new mobile device. Matthew Miller has ten recommendations for you.

Apple was originally mentioned as a source of the photos after murmurs on 4chan implied that the content had come from "iCloud." This was immediately challenged, however, after several non-Apple devices were noted taking some of the selfies in question. 

The timing of Sunday's leak also implicated Apple because HackApp posted a proof of concept exploit for an iCloud flaw the day before, on Saturday. The "iBrute" vulnerability flooded the Find My iPhone website with password attempts without being locked out. Apple patched the FMF brute force vulnerability yesterday and now locks an Apple ID after five unsuccessful Find My iPhone password attempts.

Topics: Apple, Security


Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging.... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.