Apple denies breach in celebrity iCloud 'hack'

Summary:Apple admits accounts compromised but states: 'None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.'

Apple releases statement on celebrity photo breach, denies culpability - Jason O'Grady
(Slide: Apple Inc.)

After telling Recode that it was "actively investigating" if iCloud accounts had been hacked, Apple today issued a statement on the recent hack and release of celebrity photos.

After compromising photos and videos of celebrities, including Jennifer Lawrence and Kate Upton, were released on image-sharing site 4chan on Sunday, Apple "mobilized Apple’s engineers to discover the source."

The statement says, in part that the Apple accounts of the celebrities were compromised: 

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.

In the statement, Apple claims that iCloud and Find My iPhone were not breached:

None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.

Apple carefully worded the statement and didn't outright deny that the data came from iCloud or Find My iPhone. Instead, Apple said that "none of the cases we have investigated" were as a result of a system breach.

Some have speculated that the racy content may have come from iCloud backups (as opposed iCloud photos) because the leaked data included some videos – which aren't currently stored directly on iCloud.

Must See Gallery

Seven great smartphones you can't buy in the US

The US has no shortage of attractive smartphones at the moment, from cheap-but-featured packed Androids to the latest flagships from the big names. But not all the best devices are available Stateside. Here are some of the best handsets that are just out of reach for Americans.

Apple was originally mentioned as a source of the photos after murmurs on 4chan implied that the content had come from "iCloud." This was immediately challenged, however, after several non-Apple devices were noted taking some of the selfies in question. 

The timing of Sunday's leak also implicated Apple because HackApp posted a proof of concept exploit for an iCloud flaw the day before, on Saturday. The "iBrute" vulnerability flooded the Find My iPhone website with password attempts without being locked out. Apple patched the FMF brute force vulnerability yesterday and now locks an Apple ID after five unsuccessful Find My iPhone password attempts.

Topics: Apple, Security


Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging.... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.