Apple Says Nude Celebrity Photo Dump Wasn’t Result of iCloud, Find My iPhone Breach

Leaked nude photos of female celebrities like Jennifer Lawrence and Kate Upton sent the internet into overdrive on Sunday afternoon. Hundreds of pictures were posted online showing celebrities in various states of undress. Some victims denied that the photos were authentic, while others admitted to their authenticity and vowed legal action.
 
Some, like actress Kirsten Dunst, went so far as to add a bit of humor while still blaming Apple for the breach of privacy:

Thank you iCloud????

— Kirsten Dunst (@kirstendunst) September 1, 2014

 
Regardless of whether some of the images released were fakes, a good majority of them were real and there are some serious privacy issues at hand with the photo leaks. As we reported yesterday, there are various theories floating around as to how this hack was performed, with one of the more popular ones presented by TheNextWeb.
 
According to TheNextWeb, hackers were able to use a “brute force” attack on the Find My iPhone service to capture the passwords of celebrities’ iCloud accounts in order to access private photos.
 
Another possibility, which we also addressed, was that this wasn’t a single, large data breach that affected iCloud over a short period of time. Instead, it was the result of hackers specifically targeting individual celebrities over the years and amassing a huge collection to trade amongst other underground nude photo peddlers. However, the massive grab bag of photos sprung a leak and eventually burst resulting in Sunday’s free-for-all.   “That’s all I can stands, and I can’t stands no more.” Jennifer Lawrence and her representatives are livid of the photo leaks. [Image Source: Kevin Winter/WireImage]
According to Apple, the latter theory is the correct one. Apple has released the following statement which looks to cast aside any notion that iCloud was breached:
  We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
 
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232″ rel=”nofollow.  
The FBI is still investigating the attack, and the original leaker is reportedly on the run at this moment.