Blog Post

Apple: “Certain celebrity accounts” were compromised by a targeted attack

A slew of nude celebrity photos was dumped onto the internet this past weekend, and most of the discussion surrounding the hack has centered on security flaws in Apple’s iCloud service. On Tuesday, Apple released a official statement in which it denied a systemwide breach, but acknowledged that “certain celebrity accounts were compromised” by a targeted attack. The full statement is below:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at

Based on the statement, it seems that [company]Apple[/company] systems have not been breached with a new exploit, but rather that certain iCloud accounts were accessed through (presumably) garden-variety phishing or social engineering. After all, if an attacker gains access to one account — say, an email account — the information within can often be used to access that target’s other accounts. Apple’s statements leave open the possibility that a flaw in another company’s security was what led to the very public security breach.

Apple is recommending two-factor logins if there’s something on your phone you’d like to keep private. That’s a good idea — and considering that sometimes it takes up to three days to turn on iCloud two-step verification, you should start the process now.

3 Responses to “Apple: “Certain celebrity accounts” were compromised by a targeted attack”

  1. Per other reports Apple’s Find My iPhone service has no prevention from “brute force” programs that guess random passwords for a given user name until it gets a match.

    How does Apple not get called out regularly for such poor security of customer accounts? Does security not matter to Apple users? And to think that with the iPhone 6 Apple is finally adding NFC support as well direct payment tie-ins to AMEX, MasterCard and other services.

    Hackers have to be licking their chops for these new opportunities to steal iOS user’s data and money.

  2. Alina Zhibek

    Also – There is really no such thing as 100% secure file storage if its connected to the internet. Especially if you use any third party storage… I store EVERYTHING on a portable hard drive… and dis-connect it when I am not using it.. You can get a terabyte portable hard drive for around $150.00, I never have to worry about losing anything or anyone stealing my files…and I don’t pay a monthly fee..

    Hell, I don’t even really use my “smart phone”. My old dumb-one is good enough for me and its cheaper. It’s a waste of money just like so many other things in America like student loans (get a cheap education!), expensive car insurance (my $25/month policy from Insurance Panda is good enough for me), and fast food (who wants to pay $10 for a Chipotle burrito?!?).

    Also – One way to completely ensure there are no bad photos of yourself that could wind up in an embarrassing situations is to NOT take them. Seems pretty logical to me…