by zibzab 1681 days ago
That is not correct.

It was actually a distributed campaign with multiple hackers with different methods but the main leaks were due to the following problems:

1. Bug in some Apple services allowed unlimited login attempts

2. Bug in Apple backup restoration function allowed bypassing multi-factor authentication (or was it confirmation email?)

This is all from memory, I might be wrong about the details. Anyway, that Apple initially blamed this on weak passwords and now phishing clearly demonstrates what kind of PR circus this field is.

Just think about this: when Apple closed these holes (silently), attacks had been going on for 1-2 years. Towards the end there were fairly cheap and reliable hack-my-ex's-iphone services on the darknet.

1 comments

According to the link below it clearly was phishing

https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak...

From your own link:

" ... such as phishing and brute-force attack guessing ..."

Just take a moment to think about the brute force attack and whether that should have worked at this scale in a properly secure environment.

They caught the people responsible, and convicted them, as the Wikipedia page describes in detail at the end. The actual perpetrators acknowledged they'd sent phishing emails to gain access.

Whether or not there was brute force rate limiting available at the time (which seems unclear), that's not related to the specific events you brought up.