Fiona Byrne | US Editor At Large | 1,173 day ago

Apple Says iCloud Security Is Not To Blame In Celebrity Nude Pictures Hack

The Debrief: The company says it was actually a very targeted attack on passwords and password hints

After a large number of celebrity nudes were leaked online a few days ago, the general consensus was that Apple’s iCloud was to blame. This put the fear of God into every iPhone owner on the planet; it’s a scary thought that anyone can get into your phone, whether you’re a celebritiy or and mere mortal. It was believed that the hackers had somehow managed to access the Cloud, getting into whomever’s iPhone they felt like

But that’s actually not the case, says Apple. The company has spent 40 hours trying to figure out how the accounts of Jennifer Lawrence, Kirsten Dunst and many more were compromised, and according to Apple, it was a ‘very targeted’ attack.

There was no breach of Apple systems, including iCould or Find My iPhone, it says, and the attack happened through accessing usernames, passwords and security questions. This has become a ‘common practice’ online, says the company, and then provided a link to its two-step security information, which it says all customers should be utilising to protect the content of their phones. 

The statement reads: ‘We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilised Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us.

‘After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find My iPhone.

‘We are continuing to work with law enforcement to help identify the criminals involved. To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at’

Although the pictures were horrible violations of these women’s privacy, there is some solace to be had in the fact that many people took to the internet to urge users not to look at the pictures, as well as a mark of solidarity by loads of men who gave a massive eff you to the disgusting trolls hashtag #leak4jlaw by sharing pictures of their naked, hairy chests.

That kind of support makes you feel that despite a few bad apples (absolutely no pun intended!), people are generally quite nice after all. 

It goes without saying that if you haven’t already enabled two-step verification, now is a good time to get on that.

Picture: Getty