Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH
Apple Inc

Apple: nude photos leak not linked to systems breach

Kevin McCoy
USA TODAY

This photo illustration shows the logo on an Apple iPad in London, England.

NEW YORK — Apple (AAPL) says the embarrassing leak of nude photos of celebrities wasn't caused by any breach of the tech giant's widely used electronic systems.

The company made the announcement after the FBI said it was investigating the leak in which unidentified computer hackers gained access to private photos of Jennifer Lawrence, Kate Upton and others, and then posted them online.

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," Apple said in a statement issued Tuesday.

"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved," the company added.

Apple spoke out as it prepares for next week's scheduled unveiling of its latest iPhone model and other products.

The company statement contradicted a tech report Monday that said Apple had fixed a bug that could have enabled hackers to gain access to iCloud accounts — and then leak the photos.

The weakness occurred in Apple's Find My iPhone software, reported Engadget, a Web magazine that covers consumer electronics and technology.

The Engadget report about the fix came hours after an unknown hacker or hackers leaked nude and semi-nude photos of celebrities who appeared to be Lawrence, Upton, Victoria Justice, Mary Elizabeth Winstead, Ariana Grande and Kirsten Dunst.

Although some of the renowned victims — including Lawrence, Upton and Winstead — acknowledged their private photos had been hacked, others warned that their alleged photos circulating online were fakes, including Grande and Justice, via Twitter.

According to Engadget, the Find My iPhone log-in page was recently found to have been vulnerable to "brute force" attacks — a procedure in which a hacker repeatedly tries many different passwords, seeking one that provides entry.

Most sites automatically lock out users who enter more than a small number of incorrect passwords. But the report said the Apple site lacked this protection.

"It's certainly not the first intrusion with the service we've seen," Engadget reported. "If this was the tool used, the hackers would have needed e-mail addresses of celebrities. But it's possible that only one address is needed, allowing (hackers) to search inboxes for those of others in a domino effect."

In Apple's statement knocking down that purported scenario, the Cupertino, Calif.-based company said it was outraged by the photo thefts and immediately launched an investigation to discover the source. Apple also advised all its customers to use a strong password and enable a two-step verification process.

Trey Ford, a security strategist at Boston-based security firm Rapid7, said Apple's statement could mean that hackers used publicly accessible information in exploiting the password reset mechanism for the targeted celebrity accounts.

"VIPs, executives, and those who take their security and privacy seriously often retain private physical security firms, while neglecting their Internet presence," said Ford in a statement issued by Rapid7. "Two-step verification (also known as strong authentication) on these accounts would have prevented attacks like this one."

Contributing: Elizabeth Weise

Featured Weekly Ad