So I'd wager there'd be quite a few celebrity dick pics available too if hackers wanted them. We know men like to send them unsolicited, and I'm sure those celebrities had received more than a few. But there are none. And why? Because those women were specifically targeted by people with a lot of resources and patience. (It's important that they were targeted specifically for being women.)<p>To all of you idiots blaming the victims out there right now "should have used 2fa, should have used stronger passwords":<p>1. You don't know if 2FA was in place, you don't know what strength the passwords were.<p>2. Again: those women were highly targeted. Can you defend yourself if someone takes a week/month long project to break into your phone? (Also this was during Heartbleed and other big vulnerabilities.)<p>Come off your bullshit high horse. Don't blame the victims here.
So, basically find any celebrity interview where they state what school they went to, their first pet, etc.<p>Exactly the same way that Sarah Palin's email was hacked - <a href="https://en.wikipedia.org/wiki/Sarah_Palin_email_hack" rel="nofollow">https://en.wikipedia.org/wiki/Sarah_Palin_email_hack</a>
So "This is a very common attack on the Internet that we didn't do much to protect you against by default"?<p>It's a pain setting up two step authentication across a lot of services, but I guess iCloud is probably one that's worth the effort. Still I'd rather brute force was not an option.
From what I've read on 4chan, Ars, Slashdot (indiv. comments, not articles) and other sources, this wasn't one person hacking a group of celebs' accounts, but a leak from an underground celeb nude trading ring that has existed for a while. So multiple hackers over a long period of time, from multiple sources.<p>Link to one explanation:
<a href="http://i.imgur.com/vnd0H9J.jpg" rel="nofollow">http://i.imgur.com/vnd0H9J.jpg</a>
The damage has been done, surely?<p>Headlines around the world are "iCloud hacked", "Apple hacking scandal", "Are your photos safe on iCloud?" etc.<p>Meanwhile celebrities like Kirsten Dunst have described iCloud as a "piece of shit" (a tweet with emoticons).<p>Timing is not great for Apple since they are supposed to be launching health and payment related features for iOS in the next few days.<p>Question is, would Apple have responded so quickly if celebrities weren't involved?
<i>> After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.</i><p><i>>None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.</i><p>Um... doesn't "a very targeted attack on user names, passwords and security questions" count as a "breach in... Apple's systems"? A social engineering hack is still a hack.
At what point do tech companies start making two factor authentication mandatory?<p>It's one thing to say "We tell our users to use two factor authentication - it's their fault if they don't use it" but it's another to say "all user accounts use two factor authentication to ensure security of their data"
> <i>After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.</i><p>So, the brute force attack with reasonable guesses at email addresses?
> "we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions"<p>> "None of the cases we have investigated has resulted from any breach in any of Apple’s systems"<p>Don't these lines contradict each other?
People have become so close with their smartphones that they entrust them with more information than their friends know.
In addition, no brand is more loved than Apple, with many celebrities being ambassadors to the brand. The brand is planning to introduce new payment and health services next week.<p>For the average consumer two-factor authentication means nothing, but they will start distrusting Apple more and will be more careful with data. This does not mean they will use more and better security. The average consumer will just stop using some of these services.
I'm still wondering if the Find My iPhone brute force bug was exploited.<p>Why doesn't Apple at least offer a bug bounty reward? Is it irresponsible that they don't?<p>All they offer now, as far as I have found, is a mention on this web page:<p><a href="http://support.apple.com/kb/HT1318" rel="nofollow">http://support.apple.com/kb/HT1318</a><p>And, does the fact that this bug made it into production suggest a lack of internal security audits at Apple?
It seems like it would be a feat to gather all the user IDs of these famous people in the first place. I'm guessing there's a black market just for that? I used to work on a service used by quite a few famous people; if anybody on the project was unscrupulous, it would have been easy to pass those emails and other personal information on to a hacker.
If anyone wants to set up 2FA for their Apple ID, here's their support page on it: <a href="http://support.apple.com/kb/ht5570" rel="nofollow">http://support.apple.com/kb/ht5570</a>
Just a friendly reminder of the sites that support 2FA; Apple is on the list: <a href="https://twofactorauth.org/" rel="nofollow">https://twofactorauth.org/</a>
I'm confused. The description of the problem doesn't rule out an issue with iBrute (targeted attack on usernames, passwords) but then they state it wasn't an issue with iCloud or Find My iPhone.<p>Is this to suggest that it's social engineering or just a password reset job? I don't otherwise see how an attack on usernames and passwords translates.<p>I guess the thing I'm really trying to figure out is, if it was iBrute (which personally I would find an embarrassing failure), would they actually admit it?
I am kind of sick of hearing about how celebs got hacked and how it is such a big deal.<p>The media overhypes these things and really the celebs involved should have used stronger passwords and/or 2 factor authentication. They should have known better.<p>People get "hacked" this way tons of times by using weak passwords and/or security questions. You'll never see that appear in the media.<p>The inequality here is the importance the media places on Kate Upton, Jennifer Lawrence, etc. It's a waste of taxpayer money to get the "FBI" involved. I also see it as a waste for the government to chummy up with these "celebs". Some of them are great entertainers no doubt, but what have they done to really deserve the popularity they have?<p>Have they built something that tremendously improves people's lives? Are they key decision makers on items that affect people? Yes, Jennifer Lawrence is a great actress, but c'mon.<p>Stop giving importance to celebs by not reading news about them. RadarOnline, TMZ, etc.