Apple investigating iCloud hack, starting by patching a major security flaw

Apple has responded to Re/code on the leak of hundreds of seemingly legitimate nude celebrity photos that surfaced on 4chan over the weekend. The photos, seemingly confirmed by at least two of the victims, are thought to have been obtained through Apple’s cloud photo storage service, iCloud.

In the brief statement, Apple noted that it takes the privacy of its users “very seriously” and that it would be “actively investigating” the situation. The company appears to have already quietly taken a few steps to patch vulnerabilities in its system. One, noted by the Next Web, is a hack called iBrute that takes advantage of flimsy security in Apple’s Find My iPhone service. Notably, Apple’s cloud login doesn’t lock a user out after a certain number of password attempts, inviting brute force attacks—automated programs that crack a password by guessing repeatedly.

Beyond that shocking security lapse (most systems shut out users after just a few failed login attempts) is the fact that Apple has never aggressively promoted its own version of two-factor authentication for iCloud. Two-factor authentication requires a special freshly generated code, sent to a trusted device, in order for a user to log into a system from a new computer or mobile device.

It’s probably the best protection the average user can hope for against these kinds of attacks. While Google has very actively promoted two-factor authentication in recent years, Apple doesn’t publicize the powerful extra security step for its iCloud services.

H/T Re/code | Photo via Instant Vantage/Flickr (CC BY-SA 2.0)

Taylor Hatmaker

Taylor Hatmaker has reported on the tech industry for nearly a decade, covering privacy and government. Most recently, she was the Debug editor of the Daily Dot. Prior to that, she was a staff writer and deputy editor at ReadWrite, a tech and business reporter for Yahoo News, and the senior editor of Tecca. Her editorial interests include censorship, digital activism, LGBTQ issues, and futurist consumer tech.