“Apple already had two factor identification in place before any of the others implemented it”
A quick search would show this to be false. Google implemented two-factor authentication in 2011, while Apple implemented in 2013:
http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
http://www.cnet.com/news/apple-adds-two-step-verification-option-for-apple-ids/
Furthermore, the initial implementation of two-factor authentication didn’t apply to iCloud backups:
http://arstechnica.com/security/2013/05/icloud-users-take-note-apple-two-step-protection-wont-protect-your-data/
http://money.cnn.com/2013/05/30/technology/security/apple-security/
Apple actually made it difficult to use two-factor authentication at the time of the fappening (3-day waiting period?):
http://www.dailydot.com/technology/apple-icloud-two-step-verification/
Of course, that all seemed to change once the fappening happened:
“But the celebrities accounts were NOT compromised by hacking their passwords. They were compromised by social engineering their security questions. . . which only worked because they WERE celebrities and they published the answers to such questions in fanzine biographies. This is an example of this article not having a clue about the topic it is talking about.”
You have no way of knowing this, the only people who know how it was done are the people who did it. Besides vague statements of how it could have been done, there is little evidence floating around about how it was actually done. One way, as even Apple-loving websites admit, was a brute-force attack that exploited a flaw in the “Find My iPhone app”:
http://www.cultofmac.com/297709/apple-aware-icloud-security-flaw-6-months-fappening/
http://www.engadget.com/2014/09/01/find-my-iphone-exploit/
Before you say “it wasn’t the Find My iPhone exploit!” Why did Apple patch it the next day?
http://www.zdnet.com/article/apple-patches-find-my-iphone-exploit/
Exactly! Apple 2-factor authentication was difficult and hidden from the user. I know Microsoft was annoying me until I turned on 2 factor authentication. Constantly telling me to turn it on...turn it on...turn it on. Finally to make the reminder stop I turned it on :-)
Actually, I do. The celebrity pictures were being offered for sale for three weeks on the site where they were being offered before the "iBrute" exploit was released. It got no traction. Analysis of the photos showed that many, in fact most, of the celebrity pictures were never on iCloud and had metadata that showed they came from Windows computers, Android phones, regular digital cameras (and some even digitized from film cameras images), movie clips, and other sources, which would not have been uploaded to iCloud from an Apple device. We now know exactly from what source the celebrity photos originated and it was, for the most part, NOT FROM iCLOUD, but from an underground organization of celebrity picture collectors who used multiple means of collecting the photos and traded them among their group. To be a member of the group, they had to agree to only sell and trade photos within their group. The seller was violating their membership agreement. It was only when the pervert started claiming he got them off of iCloud that he got attention and made news and was actually got traction to sell the images. These are FACTS uncovered in the weeks after the "fappening". . . and are the results of the investigation into release of the photos. That is why Apple was not sued by the celebrities.
All of this was covered on Freerepublic at the time in far more detail with links to the evidence. I am not going to repeat it here.
iBrute was a joke. It accessed a dictionary with the only 500 most common passwords used by people. However, Apple requires users to use at least 8 upper and lower case characters, a number, and a keyboard symbol when signing up for iCloud. When searching for words that match that criteria on that "dictionary of 500 most common passwords" only TWO met those criteria. iBrute would not have worked on iCloud except on those two words. The authors of iBrute got it to work by putting in his password into the dictionary. . . as did those who tested it. Again, this was covered on Freerepublic in detail when it was current.
As for Ars Technica's claim of being able to get into the teenage girls iOS iCloud back up . . . they used a forensic software that says it works "providing that their system logon passwords are known" BZZZZT. That means they had to have physical possession of the users COMPUTER to access their iTunes account. Really? That is not much of a hack. I recall covering that too when it was brought out on Freerepublic. This is all FUD.