Apple: Celeb Nudes Came From Targeted Attacks, Not iCloud Breach

Apple has acknowledged that a security breach of user accounts resulted in a number of celebrity nude photos being leaked. But! The company denies that it had anything to do with iCloud. That's good news for you, and troubling to hear if you're a celeb with undiscovered nudes floating around.

Apple's statement, reproduced in full below, says that iCloud servers were not compromised. Instead, celeb accounts were specifically targeted using what sounds like a combination of social engineering and brute force (which is to say, hackers guessed at and/or ran through a huge combination of user names, passwords, and security questions to gain access). This is basically good news, since an exploit in iCloud or Find My iPhone would mean that everyone is vulnerable. And bad news if you're a celeb, unless you happen to have two-factor verification enabled on iCloud.

It's a potentially embarrassing development for Apple, not only because of the security breach itself but also because Apple has a big week next week at which it's expected to introduce a wearable device that would put ample amounts of health data in the cloud. If people don't feel safe keeping their photos with App, it's hard to see how they would with delicate biometric information.

The full statement from Apple is below:

None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.