By Derek Staahl
Story Published: Sep 2, 2014 at 5:50 PM PDT
Copyright: The CW News
SAN DIEGO — That large leak of nude celebrity photos was the result of a targeted hack attack on select users, not a widespread breach of Apple’s systems, the company announced Tuesday.
Private nude photos of more than 100 celebrities like Academy Award winner Jennifer Lawrence and model Kate Upton began surfacing online Sunday. Lawrence and Upton have confirmed the authenticity of their pictures, while some other stars declared theirs fakes.
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” the company said in a statement online.
“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
Dr. Lance Larson, a cyber security expert at San Diego State University, said the prevailing theory is that the hacker used a “brute force attack.”
“What they do is they use your email address or your login, and they keep trying new passwords over and over and over automatically until one finally works,” he said.
Engadget reports that Apple patched a bug on Monday that had previously left the Find my iPhone app vulnerable to brute force attacks.
Apple is encouraging all users to sign up for two-step verification, a security procedure some other sites call multi-factor authentication.
“Multi-factor authentication means you don’t use just a log-in or a password. But you use a log-in, a password, and another factor.”
In Apple’s case, that other factor is a “trusted device” like a cell phone. Once the service is set-up, users need both a password and a verification code sent to their cell phone before they can modify account information or make purchases.