Jennifer Lawrence, Kate Upton and Kirsten Dunst. They - and a dozen other celebs - were among the people whose iCloud backup got stolen by hacker(s). Hundreds of nude or other compromising pictures spread around the Internet, all coming from iCloud backups. How could this happen? Wasn’t iCloud supposed to be secured better against these hacks and thefts?
Put up the wall!
After the hack was discovered begin September, Apple reacted by putting up the 2FA wall. This secures online accounts and drives by prompting a password snet through SMS that can only be used once and for a limited time. Apple had used 2FA before, so the question is: Why did they part with the method of securing private files and backups in the first place? This simple way of securing online accounts is both simple as effective.
They just guessed it
Apple assumes hackers must have guessed the passwords that gave access to the accounts. Read that sentence again. It is that simple to get access to an iCloud account, which contains (in this case) nude pictures of their owners. That is an utterly disturbing fact. Apple develops ever-enhancing mobile devices and software, which we use to simplify life and allows us process data faster and easier. The data we’ve been putting in these devices has become more and more important because of the endless capabilities of modern smartphones. You can now even let your iPhone scan your credit card number so you don’t have to fill it in yourself. Where does that data go? Exactly!
Don't worry, it's only nudity
This time ‘only’ nude pictures have been stolen and were spread throughout the Internet. That must be an awful experience. But next time it’ll be the credit card data we store on our iCloud Drive. Or now Apple released its Health app with iOS8; personal health data. Apple never should have removed 2FA with its services becoming more ubiquitous and so widely used for many purposes. By now, we should all know that just standard credentials, username and password, are not securing our privacy anymore.
Want to know more on how to secure online portals and accounts? Download the free 2FA Whitepaper here or read the related articles:
- Securing login session with 2FA
- Renewed 2FA discussion after 1,2 billion Internet passwords theft
- Privacy sensitive data strongly protected by 2FA