61°
Cloudy
SUN
 74°
 57°
MON
 76°
 55°
TUE
 78°
 53°
WED
 79°
 57°
THU
 76°
 57°

Apple says some celebrity accounts compromised (w/video)

  • Jennifer Lawrence seen at the Hunger Games: Mockingjay - Part 1 party at the 67th international film festival, Cannes, southern France, Saturday, May 17, 2014. (Photo by Arthur Mola/Invision/AP)

SAN FRANCISCO — Apple is acknowledging that computer hackers broke into the accounts of several celebrities to steal personal photos that have been posted online, a security breakdown that the iPhone maker blamed on the intruders' ability to figure out passwords and bypass other safeguards.

The preliminary conclusions emerged Tuesday after Apple's engineers spent more than 40 hours investigating a high-tech break-in that has exposed weaknesses in online security at a time more people are storing photos and other sensitive information on other computers hosed in massive data centers.

Apple opened its inquiry over the Labor Day weekend after the online distribution of nude photographs of Oscar-winning actress Jennifer Lawrence and other stars, including Mary Elizabeth Winstead. Some of the stars say the photos are fakes, but Lawrence has acknowledged the revealing pictures of her are real in a statement branding their theft as a "flagrant violation of privacy."

The intrusion raised concerns that Apple's iCloud service, which is widely used by iPhone and iPad owners to store copies of personal photos, may have suffered a massive security lapse.

Apple, though, says it found no evidence of a widespread problem in iCloud or its Find my iPhone service. Instead, the affected celebrity accounts were targeted by hackers who had enough information to know the user names, passwords and answers to personal security questions designed to thwart unauthorized entries, according to Apple.

Knowing this crucial information would enable an outsider to break into Apple accounts, including iCloud.

It's much more difficult hack into an account if a user enables a two-step authentication feature offered by Apple, Google Inc., Microsoft Corp. and several other major technology companies. This security measure requires a user to enter a special code sent to a smartphone when an attempt is made to sign into an account from a device that hasn't been previously used.

Security specialists also suspect the hacking into the celebrity accounts could have been avoided if Apple had stricter controls on how many times an incorrect password can be entered before access to the account is forbidden for a short time period. Apple has a lockout feature on its online accounts, although it won't say how many times an incorrect password must be entered before it's triggered.

Apple is urging its users to switch to stronger passwords and enable the two-step authentication feature in the aftermath of the celebrity hacking attacks. "Our customers' privacy and security are of utmost importance to us," Apple said in its statement.

The Cupertino, California company also is cooperating with an FBI investigation into the intrusion.


comments powered by Disqus
© The Press Democrat |  Terms of Service |  Privacy Policy |  Jobs With Us |  RSS |  Advertising |  Sonoma Media Investments |  Place an Ad
Switch to our Mobile View