Sadly, it's not known if this is what was used.
Apple is going to have a huge black eye for a long while from this. I wonder what the settlements will cost with all the actresses.
I’ll, of course, have to see the photos in question in order to determine the severity of the breach.
I can’t believe they didn’t have some kind of lockout policy. Even a ten-try maximum would be effective against brute-force; you could also establish a modest lockout duration so legitimate users could try again after a set amount of time.
I got an iPhone last week. Coincidentally they pushed me a message that I should back it up to iCloud on Friday, just before this hit.
Bob Barker and George Clooney can keep it to themselves.
bkm
My new iPad has iCloud as my new email address but I don’t have any naked pictures on it. No pictures at all. What else could happen?
Must have been the “Click here to download dirty pictures of celebs” backdoor...oops I mean security flaw
Impossible. Swordmaker always said Apple is perfect. Ha ha.
They are going to have to pay settlements - plus - no one is going to trust this Cloud business anymore
"We discussed the tool with its creator, Hackapp, over Twitter, who said 'This bug is common for all services which have many authentication interfaces' and that with basic knowledge of sniffing and reversing techniques it is trivial to uncover them. When asked if the method could have been used in the celebrity hack today, Hackapp said 'I've not seen any evidence yet, but I admit that someone could use this tool.'"

Reviews of the metadata from the nude celebrity photographs that have been released have found that while many were taken with Apple equipment, many were also taken with Android phones and webcams on Windows PCs, which would not be likely to be stored on Apple's iCloud.
The script does apparently implement a brute force serial attack through the FindMyiPhone API using a list of the 500 most commonly used passwords such as "password, password1, passw0rd, p@ssw0rd, p@ssword, princess, princess1, etc."
Strangely, all of Alexey Troshichev's direct articles and evidence of the script and claims have been removed from the web for some reason.
Apple has been recommending for some time that users employ a two-level authentication to avoid this exact kind of exploit.
If you want on or off the Mac Ping List, Freepmail me.
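The lockout policy suggested earlier in the thread (a ten-try maximum with a modest lockout duration), combined with the point quoted above about services that have many authentication interfaces, as an added example that is not part of any post here and is not Apple's code. The 15-minute duration, the interface names and the account name are assumptions; the counter is keyed by account alone so that every login interface shares it.

```python
import time

MAX_FAILURES = 10          # the "ten-try maximum" from the comment above
LOCKOUT_SECONDS = 15 * 60  # assumed value for a "modest lockout duration"


class AccountLockout:
    """Failed-login counter keyed by account only, shared by every interface."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}      # account -> consecutive failed attempts
        self.locked_until = {}  # account -> clock value when the lockout ends
        self.audit = []         # (account, interface, result) for detection

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is not None and self.clock() >= until:
            # Lockout expired: clear state so the legitimate user can retry.
            del self.locked_until[account]
            self.failures.pop(account, None)
            until = None
        return until is not None

    def attempt(self, account, interface, password_ok):
        """Record one login attempt; returns 'locked', 'ok' or 'denied'."""
        if self.is_locked(account):
            result = "locked"  # refused even if the password is right
        elif password_ok:
            self.failures.pop(account, None)
            result = "ok"
        else:
            self.failures[account] = self.failures.get(account, 0) + 1
            if self.failures[account] >= MAX_FAILURES:
                self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
            result = "denied"
        self.audit.append((account, interface, result))
        return result


def demo():
    now = [0.0]  # fake clock so the example runs instantly
    guard = AccountLockout(clock=lambda: now[0])
    # Constructed traffic: wrong guesses alternating between two hypothetical
    # interface names; a per-interface counter would see only 6 on each.
    ifaces = ("web-login", "device-api")
    guesses = [guard.attempt("user@example.com", ifaces[i % 2], False) for i in range(12)]
    owner_during = guard.attempt("user@example.com", "web-login", True)
    now[0] += LOCKOUT_SECONDS
    owner_after = guard.attempt("user@example.com", "web-login", True)
    return guesses, owner_during, owner_after
```

The audit list records which interface each failure arrived on, so a run of failures spread across interfaces for one account is visible to monitoring.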
More reports on analysis of the picture sources say that a lot have “Tumblr” watermarks on them, for whatever that’s worth. Others show Android phones in the selfies as well as Apple phones. Data that shows varied sourcing. Apple has announced they are “Actively investigating IF the data could have originated from breaches of Apple customer accounts.”
A theory offered on Twitter by security expert Dan Kaminsky, chief scientist at WhiteOps.com, is that someone who was collecting a cache of the celebrity nudes may have been hacked by the person or people who spread the images online over the weekend. If the photos were collected by a person from different sources over a long period of time, it could explain why some of the images appear to be genuine and others are allegedly fake. That would explain the melange of photo types.