Apple has claimed its customers are to blame for the hack attack on its systems – which has seen hundreds of explicit images of celebrities plastered all over the Internet – saying it has been caused by weak passwords.
The computer giant has confirmed that some celebrities’ Apple accounts were broken into, on iCloud and Find My iPhone, but says it has found no evidence that this was caused by a breach of its security systems.
Instead, the firm claims perpetrators simply worked out victims’ log-in credentials. The FBI has already started an investigation into the incident.
The move follows the online publication of intimate pictures of about 100 personalities, including Jennifer Lawrence, Kate Upton, Victoria Justice, Mary Elizabeth Winstead, Ariana Grande and Kirsten Dunst. While some stars claimed the pictures were fake, Lawrence, Upton and Winstead have confirmed the leaked photos are real.
In a statement, Apple said: “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.
“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
But according to a report on Engadget, a Web magazine that covers consumer electronics and technology, the Find My iPhone log-in page was recently found to have been vulnerable to a so-called “brute force” attack – in which a hacker repeatedly tries many different passwords to gain entry.
Most sites automatically lock out users who enter more than a three incorrect passwords, but Engadget said the Apple site lacked this protection.
“It’s certainly not the first intrusion with the service we’ve seen,” Engadget reported. “If this was the tool used, the hackers would only have needed email addresses of celebrities. But it’s possible that only one address is needed, allowing (hackers) to search inboxes for those of others in a domino effect.”
Breaches ‘everyday occurrences’
Half of eBay users now wary
Marketers shoulder hacking costs
Cyber gang banged up for 30 years
Gang held in Santander hack scam
Only 2% of cops can fight e-crime
Cops ‘don’t care about cyber-crime’
Staffer held over Morrisons breach
Hackers ‘get ugly’ with mega attack
Adobe data attack ‘may hit billions’
Top US stars hit by D&B breach
Foxtons hit by online hack attack
Hacking staff could wind up firm
58m rocked by Ubisoft hack attack