by David Goldman, Jose Pagliery and Laurie Segall
September 2, 2014
How did private, nude photos of Jennifer Lawrence and other celebrities get leaked all over the Internet Sunday?
It was a combination of weak passwords, easy-to-guess security questions and a bug in Apple's photo backup service that has since been fixed.
On Tuesday, Apple (AAPL, Tech30) concluded hackers were able to force their way into celebrities' private photo collections by repeatedly guessing passwords -- or answers to their security questions.
This was possible because of a bug in the system Apple uses to remotely store photos and documents: iCloud.
Well-guarded systems only let users guess passwords a handful of times before blocking access. But until this week, Apple's iCloud service allowed people to guess passwords over and over again. It would never lock out. Eventually, hackers hit it right.
Also a likely culprit: the "forgot my password" feature. If you don't remember your password, the system asks you security questions to grant access. These actresses, models and singers lead public lives, and answers to questions about their past are easily found on Wikipedia and elsewhere.
It's similar to what happened to Alaska's former governor, Sarah Palin. Hackers accessed her personal email account. One of the security questions she had set to retrieve her password was her birthday.
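The lockout behaviour described above, as an added example (not code from the article or from Apple): a limiter that keeps one failed-guess budget per account and applies it to both the password form and the security-question form, so switching forms does not reset the count. The class name, thresholds and account data are assumptions made for illustration.

```python
import hmac
import time

class GuessLimiter:
    """One failure budget per account, shared by every credential check."""

    def __init__(self, max_failures=5, window=900, lockout=1800, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self._failures = {}      # account -> times of recent failed guesses
        self._locked_until = {}  # account -> time at which the block expires

    def attempt(self, account, check):
        """Evaluate check() unless the account is blocked: 'locked', 'ok' or 'denied'."""
        now = self.clock()
        if now < self._locked_until.get(account, 0.0):
            return "locked"      # the guess is never evaluated
        if check():
            self._failures.pop(account, None)
            return "ok"
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            self._failures.pop(account, None)
        return "denied"

def same(a, b):
    # Constant-time comparison; a real service compares password hashes, not plain text.
    return hmac.compare_digest(a.encode(), b.encode())

def demo():
    # Constructed account data and a fake clock so the run is deterministic.
    now = [0.0]
    limiter = GuessLimiter(clock=lambda: now[0])
    account = "user@example.com"
    password, birthday = "1 Day I ate 364 bananas & 13 cherry Pies!!!", "1990-01-01"
    out = []
    for guess in ["123456", "password", "letmein"]:       # password form
        out.append(limiter.attempt(account, lambda g=guess: same(g, password)))
    for guess in ["1989-01-01", "1991-01-01"]:            # "forgot my password" form
        out.append(limiter.attempt(account, lambda g=guess: same(g, birthday)))
    out.append(limiter.attempt(account, lambda: same(password, password)))  # right, but locked
    now[0] += limiter.lockout
    out.append(limiter.attempt(account, lambda: same(password, password)))  # block expired
    return out

if __name__ == "__main__":
    print(demo())
```

A hard lockout like this also lets anyone block the account's owner by guessing wrong on purpose, so deployed systems often pair it with per-source throttling or escalating delays.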
Apple assured the public these hackers did not break into the company's core computer systems, which house all of its users' data. So iCloud itself was not hacked.
"Certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," Apple said in a statement. "None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone."
But this is another event that stresses the importance of secure passwords. Celebrities are already prime targets of malicious behavior, so they need to be especially careful online with extra precautions to keep hackers at bay. Strong, hard-to-guess passwords are a must.
Passphrases are especially strong passwords, particularly ones that are easy to remember but are long and hard to guess (example: "1 Day I ate 364 bananas & 13 cherry Pies!!!").
It's also vital to use password-protecting tools like two-factor authentication. That option, available on most email or file-sharing platforms, is a second, temporary password that usually arrives in the form of a text message.
It prevents anyone from accessing your account without also being in possession of your phone. And it would have prevented this.
CNNMoney (New York) September 2, 2014: 4:42 PM ET