Apple confirms celebrities' accounts breached in "highly targeted" attack Cupertino blames users' passwords and security questions.
by Sean Gallagher Sept 2 2014 Ars Technica
An Apple spokesperson has issued a statement on the company's investigation of the hacking of female celebrities' cloud accounts and the theft of photos from their accounts. And Apple is, in essence, blaming the victims. Or at least,
"We wanted to provide an update to our investigation into the theft of photos of certain celebrities," the statement reads. "When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us."
Initial reports from security sources suggested that an exploit of a weakness in Apple's "Find My iPhone" API that allowed a brute force password attack. Apple has discounted those reports, and it blames the success of the attacker on what amounts to social engineering of the accounts-by trying to use personal data to guess passwords or answers to security questions for the accounts in question.
...
-or-