Skip to main content

iCloud hackers likely got away with more than just naked celeb photos

Apple has confirmed that a large number of celebrity iCloud accounts have been compromised, and indeed it's likely that it wasn't just nude and semi-nude photos (and videos) which were stolen from the hundred or so victims.

Apple issued a press advisory after 40 hours of investigation into the affair (opens in new tab) which is said to have left the company "outraged". Cupertino said that iCloud had not been hacked or breached itself, rather the accounts had been undone by a "very targeted attack on user names, passwords and security questions".

Read more: iCloud hacking scandal sees naked photos of A-list celebrities leaked on 4chan (opens in new tab)

While the naked photos have been the scandal and gossip this week, one point that seems to have been overlooked by many is the fact that it's likely that images aren't the only things the attacker was able to pilfer.

The Sydney Morning Herald (opens in new tab) reported that Nik Cubrilovic, an Australian security expert, noted that it's very likely those who breached the accounts also made off with texts, contacts, calendars, notes, and potentially other info which hasn't been published (yet). These would be accessible via special forensic software which could extract the data from cloud-based backups.

Cubrilovic said the attacker(s) would also have been able to access real-time GPS coordinates via the Find My iPhone service – and remember, this is the location of major celebs we're talking about here (and their address books and so forth).

We could yet see more of a storm from this incident, and in general, Cubrilovic noted that: "What we see in the public with these hacking incidents seems to only be scratching the surface. There are entire communities and trading networks where the data that is stolen remains private and is rarely shared with the public. The networks are broken down horizontally with specific people carrying out specific roles, loosely organised across a large number of sites (both clearnet and darknet) with most organisation and communication taking place in private (email, IM)."

Cubrilovic also said that iCloud is the most popular target for hackers due to the popularity of the iPhone, and because Picture Roll backups are enabled by default (Windows Phone backups, on the other hand, are off by default, and Android uses various third-party backup apps).

Read more: iCloud naked celebs hack lessons: People can't be trusted with their own online security (opens in new tab)

As we did yesterday, Apple has advised iCloud users that to be fully secure, they need a strong password and to enable two-factor authentication.

However, Cubrilovic also said: "Two-factor authentication for iCloud is useless in preventing passwords or authentication tokens being used to extract online backups."

He goes into great detail about what is wrong with Apple's current account recovery process and how that can be leveraged by hackers – read more in his lengthy blog post (opens in new tab).

Darran has over 25 years of experience in digital and magazine publishing as a writer and editor. He's also an author, having co-written a novel published by Little, Brown (Hachette UK). He currently writes news, features and buying guides for TechRadar, and occasionally other Future websites such as T3 or Creative Bloq and he's a copy editor for TechRadar Pro. Darrran has written for a large number of tech and gaming websites/magazines in the past, including Web User and ComputerActive. He has also worked at IDG Media, having been the Editor of PC Games Solutions and the Deputy Editor of PC Home.