Apple acknowledges reports of iCloud ‘network attacks’

Apple is aware of the problem, and it's trying to help you avoid it. 


Eric Geller


Published Oct 21, 2014   Updated May 30, 2021, 8:59 am CDT

Apple on Tuesday said that it was monitoring reports of “intermittent organized network attacks” on its iCloud platform, one day after a Chinese censorship watchdog site observed attacks on iCloud that it attributed to the Chinese government.

“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” Apple said on a help page about iCloud security. “These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”

Anxieties about the cloud platforms of Apple and other major tech companies are running high in the aftermath of the Celebgate photo leaks. Apple quickly denied that vulnerabilities in iCloud were responsibility for the massive invasion of the celebrities’ privacy, but it later emerged that the company had been aware of security issues with the cloud platform that could have been related.

The attacks on iCloud from China were first reported by the blog, which tracks the zealous Internet censorship of the regime in Beijing. The site said it had identified a “man-in-the-middle” attack on iCloud that it described as “an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.”

The attack itself, at least as described by, sounds like standard hacker fare: a site that looks like the iCloud login portal but that reports all attempted login credentials to the hackers. The fake site essentially steps into the “middle” of users’ attempts to log into Apple’s service.

Apple’s response to the report encouraged users to look for a security certificate when logging into iCloud.

“If users get an invalid certificate warning in their browser while visiting, they should pay attention to the warning and not proceed,” the help page said. “Users should never enter their Apple ID or password into a website that presents a certificate warning.”

Image via Apple

Photo by Vince Alongi/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III

Share this article
*First Published: Oct 21, 2014, 3:46 pm CDT