Apple hasn't been forthcoming with details. They have thus far denied any responsibility. However, there is substantial evidence that it was indeed at least partly their fault.
Apple also follows poor security practices like asking insecurity questions to allow users to gain access to an account.
Apple has claimed that it was most likely a 'phishing' attack. However, given the large number of victims, and the lack of any evidence presented to support such a theory, I am rather hesitant to believe them. Until further information is made available, I am forced to consider Apple to be at fault.
"Apple earlier this week said that after a 40-hour investigation, the company concluded that there was no breach of its data servers. The company has said it discovered a number of celebrity accounts were compromised by targeted attacks, using methods like phishing or correctly answering security questions to obtain their passwords."
So the stolen data was from Apple's servers, but was obtained by compromising individual logins.
My understanding is it just doesn't protect iCloud backups, which is what was compromised here - also why things deleted from the phone were still in the cloud.
That's mine too, an iCloud backup is pretty much keys to the kingdom. Could also just have been that they had access for a very long time and downloaded data multiple times in that period without being detected.
It's a classic "password" is not a good password situation. People's passwords are way too common; it's not surprising celebrities got hacked, they're going to be just as likely to be using a weak password as any young adult.
Hate to be that guy, but social engineering would mean they manipulated the person through social engagement to expose their credentials or information...which may have been possible, but more than likely they guessed or researched answers to the questions...?
Ok. One of the stories I read mentioned that may have been how they got the information required to hack the account. Not too sure if it was just speculation or verified in any way.
There was a flaw that allowed brute force password attempts exposed here: https://github.com/hackappcom/ibrute