Apple iCloud hack leaked hundreds of nude photos of celebrities

This weekend, a number of celebrities had their privacy invaded when a hacker obtained personal photographs from various digital devices, and began spreading them across the Internet. Among those affected were Ariana Grande, Aubrey Plaza, Bar Rafaeli, Jennifer Lawrence, Kaley Cuoco, Kate Upton, Kirsten Dunst, Victoria Justice, and many more. While some of the photographs were perfectly innocent, though still private moments, many of the images were nude or were otherwise sexually explicit. The photographs were posted onto 4Chan and then Reddit, and began circulating from there.

After this massive hack a question comes in my mind how did the hackers do it?
A few days ago a group calling themselves hackappcom posted a proof of concept script on the popular code repository called Github that would allow for a user to attempt to breach iCloud and access a user account. This script would query iCloud services via the “Find My iPhone” API to guess username and password combinations. The problem here was that apparently Apple was not limiting the number of queries. This allowed for attackers to have numerous chances to guess password combinations without the fear of being locked out.

This script was an output from a talk that was given by Andrey Belenko and Alexey Troshichev called, “iCloud Keychain and iOS 7 Data Protection” at the Russian Defcon Group DCG#7812. Based on the note that they posted after the news of the breach started to circulate, they were rather upset that their script was being used to a malicious end.

What do the security researchers says?
Dan Kaminsky, chief scientist at whiteops.com, said on Twitter that “my personal thinking is that someone [originally] hacked desktops, and someone else hacked the hacker” - adding “if it isn’t iCloud, which apparently there’s some reason to believe.”

How do i protect myself?
While this incident has unfortunate ramifications for the victims it has been a great wake up call for others thanks to the huge amount of press coverage. This is an excellent opportunity for people to clean up their password practices and improve their personal security posture. So, how does one avoid this sort of problem? Well, there are few things that you can do to help to potentially avoid this type of end result. First off you can enable two factor authentication on your iCloud account. Once this is enabled a user would receive a four digit SMS message with a code to input in addition to their password. This way, if a password is compromised the attacker would still need an SMS code to gain access to the user account.

What is Apple doing for this?
Apple said it was "actively investigating" the violation of several of its iCloud accounts, in which revealing photos and videos of prominent Hollywood actresses were taken and posted all over the Web.
"We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.