iCloud Leak: Safety and Security

[teknikal90]

In light of the recent leak......

Anyone have any ideas on how it happened? Is iCloud really just not safe at all???
I have disabled photostream, since the very beginning - but is it really easy to gain unauthorized access on someone's iPhone photos???

 

[sdsvtdriver]

$10 says these user's iCloud passwords were social engineered and/or phished.

 

[teknikal90]

This whole photostreaming/syncing thing is a mess. Noone has any real grasp on what it can do and its limitations. It shouldn't be on by default.
The average phone user doesn't need it, it just adds a layer of complexity and another security breach point.

 

[ThisIsNotMe]

$10 says these user's iCloud passwords were social engineered and/or phished.

Exactly. I am sure quite a few people will go off the rails about it but in reality it is not different than peoples Gmail accounts being phished.


If you put it on the internet there is a chance it will get hacked. Period.

 

[teknikal90]

Exactly. I am sure quite a few people will go off the rails about it but in reality it is not different than peoples Gmail accounts being phished.


If you put it on the internet there is a chance it will get hacked. Period.

the difference is that if it's in your gmail account, you had emailed it to there.
With icloud, the uploading is automatic.
For most, it's activated without them fully grasping what it does - quite different to the pressing of the 'send' button onto a gmail account.

Regardless, it'll be interesting to see what Apple will do in response to this.

 

[Angriff]

$10 says these user's iCloud passwords were social engineered and/or phished.

This is what I came here to post. The media will run wild saying iCloud is insecure blah blah when in reality it's probably another case of people reusing the password they use for their important accounts like iCloud on all sorts of random sites and/or clicking phishing links in email or on sketchy websites.

How likely is it that passwords were reset by secret question answers? It seems like an intrepid hacker could find out a lot of the answers to the typical secret questions when the person in question is a celebrity.

 

[jon3543]

This is what I came here to post. The media will run wild saying iCloud is insecure blah blah when in reality it's probably another case of people reusing the password they use for their important accounts like iCloud on all sorts of random sites and/or clicking phishing links in email or on sketchy websites.

This.

How likely is it that passwords were reset by secret question answers? It seems like an intrepid hacker could find out a lot of the answers to the typical secret questions when the person in question is a celebrity.

Secret questions are stupid, as are people who don't treat them like additional passwords, sequences of randomly generated characters.

 

[Apple_Robert]

I think this is going to be a case of some user(s) not being careful while being on the internet with various products.

 

[dba415]

It's not photo stream, it's iCloud backups. Once a user has access to iCloud backups he can get all the photos.

 

[Planey28]

Nothing but news outlets attempting to stir up scare and confusion. It hasn't even been confirmed that iCloud was the source for the leaked photos.

 

[alent1234]

In light of the recent leak......

Anyone have any ideas on how it happened? Is iCloud really just not safe at all???
I have disabled photostream, since the very beginning - but is it really easy to gain unauthorized access on someone's iPhone photos???

i'm sure someone is trying to hack your nude pics right now

 

[2984839]

It's not so much an iCloud problem as a cloud storage problem.

All cloud storage is a security risk unless the data is encrypted locally on your computer before being uploaded. Anytime you store data in the clear on somebody else's computer that can be accessed over the internet by anyone with the password, you're asking for trouble. A bad password, a stolen password, a Heartbleed exploit, configuration error on the server, malicious employee, government request, data mining, etc. all expose your data.

 

[Nathan20]

not sure if iCloud was responsible for the pics.
Best person to follow is https://twitter.com/nikcub
They have apparently traced the guy who shared the photos: https://imgur.com/3WCLUhv

 

[Fabricman112]

not insinuating anything but...
apple is a large company with many employees, if someone knew someone maybe someone could give an amount of $$ to someone, and maybe some pictures were cached somewhere...

humans have shown to be the weakest link many times

 

[Weaselboy]

In light of the recent leak......

Anyone have any ideas on how it happened? Is iCloud really just not safe at all???
I have disabled photostream, since the very beginning - but is it really easy to gain unauthorized access on someone's iPhone photos???

Saw this article today speculating it was a Python script used to execute a dictionary attack on iCloud passwords via a vulnerability in Find my Phone. Apple apparently patched the exploit early this morning.

 

[pickaxe]

$10 says these user's iCloud passwords were social engineered and/or phished.

You just lost 10$.

The passwords were found by a brute force attack.

 

[Erphern]

It's not so much an iCloud problem as a cloud storage problem.

It's not so much a cloud storage problem as it is being a dumbass and taking naked pictures of yourself and putting them on the Internet.

Protip: Don't take pictures of your vagina!

 

[robjulo]

Other than Apple just patched iCloud.

Nothing but news outlets attempting to stir up scare and confusion. It hasn't even been confirmed that iCloud was the source for the leaked photos.

 

[maflynn]

Please join the discussion here: Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts