Apple state that the mass theft of nude celebrity photos that were released over the weekend did not occur because of a breach in any Apple systems, including iCloud. Apple says, however, that certain celebrities were the subject of targeted hacking attempts that focused on compromising their usernames, passwords, and security questions — a common and well-tread technique across the web. Though Apple’s statement doesn’t make it entirely clear, it sounds as though iCloud may still have been involved in the thefts in some capacity: that is, Apple’s customers may have had their iCloud usernames and passwords stolen, giving another party access to their account.
The FBI has said that it is currently “addressing” the stolen photos, and Apple says that it’s working with law enforcement on identifying culprits. Apple’s full statement can be read below.
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.