Apple releases statement on celebrity photo leak: it wasn’t iCloud or Find My iPhone

This past weekend, the personal photos of numerous celebrities were leaked online. These images were leaked by one person who had obtained the images without the victims’ consent. What isn’t clear is how this person got access to the photos in the first place.

As the images made their way around the internet, so too did rumours that the hack was made possible by a vulnerability in Apple’s iCloud or the Find My iPhone process. The story went that “iBrute” made it possible for the hacker to brute force guess the victims’ passwords without ever being locked out for too many wrong entries. Even some of the affected celebrities blamed the hack on iCloud.

Apple is just one week away from the unveiling of the iPhone 6 and iOS 8, which includes iCloud Photo Library, an update that allows you to access all your photos and videos on iCloud (whether they are from last week or last year). A huge security breach like this one is the last thing the company needs ahead of such a high profile event.

Not long after the leaked images hit the internet, Apple released a statement saying it was investigating the issue. However, it seems those investigations have concluded and the company has found no fault within iCloud or Find My iPhone. Speaking via statement today, Apple said it was ‘outraged’ by the theft of the photos but Apple engineers found no breach of its services. The engineers did find that certain celebrity accounts were ‘comprised by a very targeted attack on user names, passwords, and security questions.”

Apple said it is continuing to work with the authorities investigating the attack. In the mean time, it’s more important than ever to activate two-factor authentication wherever you can. Find out which services offer two-factor verification.

Check the full statement below:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.