Apple hasn't been forthcoming with details. They have thus far denied any responsibility. However, there is substantial evidence that it was indeed at least partly their fault.
Hate to be that guy, but social engineering would mean they manipulated the person through social engagement to expose their credentials or information...which may have been possible, but more than likely they guessed or researched answers to the questions...?
ensignavenger|11 years ago
There was a flaw that allowed brute force password attempts exposed here: https://github.com/hackappcom/ibrute
Apple also follows poor security practices like asking insecurity questions to allow users to gain access to an account.
Apple has claimed that it was most likely a 'phishing' attack. However, given the large number of victims, and the lack of any evidence presented to support such a theory, I am rather hesitant to believe them. Until further information is made available, I am forced to consider Apple to be at fault.
randomfool|11 years ago
"Apple earlier this week said that after a 40-hour investigation, the company concluded that there was no breach of its data servers. The company has said it discovered a number of celebrity accounts were compromised by targeted attacks, using methods like phishing or correctly answering security questions to obtain their passwords."
So the stolen data was from Apple's servers, but was obtained by compromising individual logins.
Lesson #1: enable 2FA. now.
nwh|11 years ago
f3llowtraveler|11 years ago
cliveowen|11 years ago
seanflyon|11 years ago
gress|11 years ago
However, it's still a weakness and Apple can take steps to improve things.
JimmaDaRustla|11 years ago