The Washington Post

Apple says hackers targeted celebrity accounts, not iCloud systems

Apple said that it is confident that iCloud systems are secure (Photo by John Moore/Getty Images)

Apple said that its iCloud systems have not been breached Tuesday and that thieves stole celebrity photos from Apple accounts by targeting individuals, rather than by breaking into the company's infrastructure.

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," the company said in a statement. Apple said that it is working with law enforcement to help identify who took the photos.

The statement indicates that the pictures -- nude images of several female celebrities taken in personal settings --  were stolen as a result of what's known as "social engineering" or "spear-phishing" attacks. In those attacks, hackers specifically target an individual user and attempt to trick account holders into giving up their passwords and usernames to break into an account.

Security researchers have also suggested that the attacks might have been the result of “brute force” attacks, where hackers try to break into accounts by repeatedly guessing hundreds or thousands of passwords in hope of guessing the right one.

The firm stressed that there's no indication that average iCloud users are at risk, but the company recommends that users always use strong passwords and use two-step verification.

"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my Phone," Apple said.


Three ways to step up your own cloud security

Hayley Tsukayama covers consumer technology for The Washington Post.
Show Comments

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.