The celebrity photo hacking incident that saw Jennifer Lawrence and many other celebrities lose control over intimate, personal images stored in the Cloud was serious enough to get the FBI involved. There is one suspect that no one is really pointing the finger at, though. It is Apple.
Both Apple and members of 4chan, the photo sharing site that the stolen images first appeared on, have told new agencies that all the images came from Apple’s iCloud. Apple, though, has denied a security breach. Their research indicates that the hacker obtained passwords by directly tricking the celebrities in question with phishing attacks. Nevertheless, Apple did have a well-publicized security vulnerability for weeks around the time of the attack. Yet, Apple didn’t to fix it.
The security vulnerability was a basic one
Apple’s cloud servers had a significant area of susceptibility until the day after the celebrity image leak scandal. It appeared in the Find My iPhone service. The problem was that it allowed unlimited password attempts. If a hacker had your username and used a brute-force hacking program to try every possible combination of letters and numbers, Apple’s servers weren’t set up to suspect foul play. They would allow millions of tries. This is a shocking oversight.