Apple Says ICloud Not Breached for Hacked Actors’ Photos

Sept. 2 (Bloomberg) -- Apple said its iCloud service wasn’t breached by hackers who posted nude pictures of celebrities. The celebrity accounts were “compromised by a very targeted attack on user names, passwords and security questions, a practice that is all too common on the Internet,” the company said in a statement. Julie Hyman has more on "Bottom Line." (Source: Bloomberg)

Apple Inc. (AAPL) said its iCloud service wasn’t breached by hackers who posted nude pictures of celebrities, as the company works to deflect questions about the security of its systems.

Photos from the celebrities were stolen individually, the company said. The celebrity accounts were “compromised by a very targeted attack on user names, passwords and security questions, a practice that is all too common on the Internet,” Cupertino, California-based Apple said in a statement today.

Apple is working to quiet a firestorm about the hacked celebrity accounts, with nude photos of actress Jennifer Lawrence and others surfacing over the last few days on the Internet, allegedly obtained by hackers who used the company’s iCloud service to illegally access files. The reports threatened to mar Apple’s event on Sept. 9, where the company is set to unveil new iPhones, a wearable device and a mobile-payments system, people with knowledge of the matter have said.

Related:

The incidents spurred the U.S. Federal Bureau of Investigation to release a statement yesterday saying the agency is aware of the allegations “concerning computer intrusions and the unlawful release of material involving high profile individuals.” The agency is “addressing the matter,” Laura Eimiller, an FBI spokeswoman in Los Angeles, said by e-mail.

Photographer: Marcio Jose Sanchez/AP Photo

The iCloud at the Worldwide Developers Conference in San Francisco in this June 6, 2011 file photo. Close

The iCloud at the Worldwide Developers Conference in San Francisco in this June 6, 2011 file photo.

Close
Open
Photographer: Marcio Jose Sanchez/AP Photo

The iCloud at the Worldwide Developers Conference in San Francisco in this June 6, 2011 file photo.

Security Layers

The incident highlights challenges that Apple and other developers of Internet services confront in striking a balance between security and convenience, said Brian Finch, a partner in the Washington office of the law firm Pillsbury Winthrop Shaw Pittman LLP. Part of that challenge is many consumers are unwilling to use features that tighten security while making the services harder to use, he said.

“You can’t sell what people don’t want and there needs to be a greater awareness among consumers about the need for security and the effectiveness of security functions,” Finch said. “So much of cyberattacks can occur because the Internet and so many services are built for reliability first. Security is a far lower consideration.”

Securing the Net

Celebrities are easy targets because so many personal details about them are already public, which can make it easy for hackers to guess the answers to their security questions. Sarah Palin’s Yahoo account was once hacked when a college student used a Wikipedia page to find the birth date, and Paris Hilton’s T-Mobile account was breached when hackers correctly entered her dog’s name in response to her security question.

Not Responsible

The iCloud service is a key part of Apple’s strategy to unite its iPhones, tablets and desktop computers, letting users store contacts, e-mails, photos and other personal information on external systems they can access.

Apple said in its statement today that a flaw with iCloud wasn’t responsible, nor was its “Find my iPhone” feature.

“When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source,” Apple said. “Our customers’ privacy and security are of utmost importance to us.”

The company said it is working with law enforcement to identify the perpetrators of the hacks.

Apple is also encouraging people to use stronger passwords, including having at least eight characters with one number, one letter, one capital letter and not be used in the prior year. Apple also wants customers to use two-step verification, which means after a password is entered, an additional code will be sent to a person’s mobile phone.

Security and privacy is a key issue for Apple as it introduces new services that will require people to trust the company with sensitive information. New HealthKit software serves as a clearinghouse for health and fitness related information, while the next batch of iPhones will include technology so they can be used for making payments.

To contact the reporters on this story: Adam Satariano in San Francisco at asatariano1@bloomberg.net; Chris Strohm in Washington at cstrohm1@bloomberg.net

To contact the editors responsible for this story: Pui-Wing Tam at ptam13@bloomberg.net Reed Stevenson

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.