It turns out the theft of celebrity photos was done the old-fashioned way, according to Apple, with the hackers figuring out user names, passwords, and security questions of the celebrities.
The statement from Apple aims to dispel concerns that hackers were able to break into its iCloud service—which would’ve opened the possibility of data being stolen from any number of consumers.
The distinction may not mean much for some consumers, and public perception of the cloud’s security will still almost certainly take a hit. If nothing else, the incident has shown that “the cloud is fundamentally insecure,” with no one way to ensure total protection other than not putting data there in the first place, Ars Technica wrote.
But a “targeted attack” on celebrities, as Apple puts it, is not actually much of a game-changer—these sorts of hacks, as we all know, are actually very common.
Here’s the full statement from Apple:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
The incident comes a week before a major Apple product event, which is rumored to involve the unveiling of a new iPhone and Apple’s first smart watch.