[karl_nerd]

So i'd wager there'd be quite a few celebrity dick picks available too if hackers wanted them. We know men like to send them unsolicited, and I'm sure those celebrities had received more than a few. But there are none. And why? Because those women were specifically targeted by people with a lot of resources and patience. (it's important that they were targeted specifically for being women).

To all of you idiots blaming the victims out there right now "should have used 2fa, should have used stronger passwords":

1. You don't know if 2FA was in place, you don't know what strength the passwords were.

2. Again: those women were highly targeted. Can you defend yourself if someone takes a week/month long project to break into your phone? (Also this was during heartbleed and other big vulnerabilites)

Come off your bullshit high horse. Don't blame the victims here.

[iaw]

Re: 1) 2FA wasn't in use by these individuals. If you read the Apple release they not only neglect to mention 2FA as a source of the breach but actively encourage users to sign up for it. If 2FA was in place I doubt that this vector would have been successful.

That being said, I think the culpability is on Apple here as much as it is on the individuals responsible for obtaining the links. Security questions were never good security and companies need to start moving away from failed models.

[dpweb]

Security questions are just horrible. 2FA is good, but these celebs have people that handle their social media, so even if the technical leaks are plugged, things would just move to social eng. tactics, bribe an assistant, etc.. Probably a number of people have a celebs Twitter password.

Pretty worthless statement by APPL. "happpens all the time", "not our fault", etc.. They should be called out for security questions in the 1st place if that's what they use at all. Even after Sarah Palin which was greatly publicized. These companies learn nothing.