By Tess Stynes
Apple Inc. said it hasn't found a breach in its iCloud or "Find
my iPhone" systems and its investigation into the hacking of online
celebrity photo accounts indicates a targeted attack.
The company's comments follow an investigation of more than 40
hours, spurred by reports that vulnerabilities in its iCloud
service were exploited to hack the accounts of celebrities, leading
to the publication of nude photos and videos.
Apple said Tuesday that the probe showed certain celebrity
accounts were compromised by a "very targeted attack" on user
names, passwords and security questions.
Apple said it is continuing to work with law enforcement to help
identify the hackers involved.
Initial media reports suggested that the hacks stemmed from
individual accounts on iCloud, an online service to store photos,
music and other data from Apple devices.
A posting on online code-sharing site GitHub said a user had
discovered a bug in Apple's Find My iPhone service, which tracks
the location of a missing phone and allows a user to disable the
phone remotely if it is stolen. The bug allowed a hacker to keep
trying passwords until identifying the right one.
Most online services lock down an account after multiple
incorrect password attempts to prevent this type of so-called
"brute force" attacks.
Actress Jennifer Lawrence and model Kate Upton were identified
as possible victims. Another actress, Mary E. Winstead, said on
Twitter the hackers grabbed photos she took with her husband last
year in their home and that she had since deleted.
Write to Tess Stynes at tess.stynes@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires