Insights For Success

Strategy, Innovation, Leadership and Security

iCloud attack was really a phishing attack

General | Edward Kiledjian
Image by Christiaan Cole used under Creative Commons License

Remember the "iCloud hacking" (aka Celebgate), where celebrity photos were stolen and published? Well, the man behind it was convicted of accessing more than 300 iCloud and Gmail accounts (30 of which belonged to real, legitimate celebrities). You can read the district attorney brief if interested.

Now this is the story that wasn't... While most media outlets were shocked that Apple would allow hackers to "break into" iCloud accounts and steal pictures, it turns out Apple couldn't have done much. The attack relied on good old-fashioned phishing.

Phishing is the act of faking a popular website or service and tricking users into entering their credentials on the harvesting page.

So iCloud was never compromised, but Apple probably could have done more to detect the unauthorized access and protect its users' data.

So the moral of the story is:

  • be extra vigilant about where you enter your passwords
  • never re-use the same password for more than one site
  • use complicated (non-dictionary) passwords
  • turn on two-factor authentication