CGRYtUX.jpg (1600Ă—1067)

Apple is investigating potential iCloud hack following Celebgate

Shares

Apple has responded to Re/code on the leak of hundreds of seemingly legitimate nude celebrity photos that surfaced on 4chan over the weekend. The photos, seemingly confirmed by at least two of the victims, are thought to have been obtained through Apple's cloud photo storage service, iCloud.

In the brief statement, Apple noted that it takes the privacy of its users "very seriously" and that it would be "actively investigating" the situation. The company appears to have already quietly taken a few steps to patch vulnerabilities in its system. One, noted by the Next Web, is a hack called iBrute that takes advantage of flimsy security in Apple's Find My iPhone service. Notably, Apple's cloud login doesn't lock a user out after a certain number of password attempts, inviting brute force attacks—automated programs that crack a password by guessing repeatedly.

Beyond that shocking security lapse (most systems shut out users after just a few failed login attempts) is the fact that Apple has never aggressively promoted its own version two-factor authentication for iCloud. Two-factor authentication requires a special freshly generated code, sent to a trusted device, in order for a user to log into a system from a new computer or mobile device.

It's probably the best protection the average user can hope for against these kinds of attacks. While Google has very actively promoted two-factor authentication in recent years, Apple doesn't publicize the powerful extra security step for its iCloud services.

H/T Re/code | Photo via Instant Vantage/Flickr (CC BY-SA 2.0)