It was you, not us.
If you haven't been living under a rock these past few days, then you may have heard about the celebrity media hacks that were posted to 4Chan. The hacker gained access to the private photos and videos of dozens of celebs via iCloud and then proceeded to post them on the message board. Users then raced to host the files on the popular image sharing site imgur and via torrent sites; imgur has been proactive in taking down the images, but once an album is removed another one pops up.
Kirsten Dunst was one of the celebs who had her account compromised, and let that be known via Twitter shortly after the news broke.
Apple has now officially commented on the matter and is taking the breach, understandably, very seriously:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
The Cupertino company also stated that no systems were compromised, and that it appears to be a targeted password hack on individual accounts. Additionally, Apple recommended that people use two-step authentication, perhaps hinting at the root cause of the hack itself.
Back in May, many Australian iCloud users found themselves locked out of their accounts after hackers gained access through the "Find my iPhone" feature. At that time the hackers demanded money for restored access; Apple said then, as now, that it had nothing to do with an iCloud or services breach.
In any case, it does bring to light misplaced trust in such services and a failure in properly protecting such sensitive data. Either way, we're sure that those that were affected have learned something about online privacy from this.
Source: Business Wire | Image via Apple