Skip to main content

Did Apple know about ‘celebgate’ iCloud flaw in March?

Apple knew of a flaw in iCloud’s security as early as March 2014 after leaked emails revealed that the firm had the chance to do more to stop naked photos of the likes of Jennifer Lawrence and Kim Kardashian leaking online.

Related: 4Chan responds to nude celebrity photos by enacting new illegal content policy

Emails obtained by the Daily Dot and reviewed by a number of security experts claim to show Ibrahim Balic, a London-based software developer, reporting to Apple that he had found a method to break into iCloud accounts.

One of the emails, which is dated 26 March, shows Balic telling Apple that he had successful surpassed a security feature that was supposed to prevent a “brute force” attack used by hackers to crack passwords by trying thousands of combinations.

Later in the email exchange Balic explains that he was able to try out upwards of 20,000 password combinations on any account and went on to report the same problem via Apple’s online bug submission platform.

In another email dated 6 May the issue is still not fixed and an Apple official questions the length of time it would take to find an authentication token for the account before asking if Balic can find a quicker method.

“I believe the issue was not completely solved. They kept asking me to show them more stuff,” Balic told the Daily Dot.

Images of various celebrities began to emerge at the start of September on image sharing site 4chan and a mass hack of Apple iCloud accounts by using the Find My iPhone feature was blamed.

Related: iCloud hacking scandal sees naked photos of A-list celebrities leaked on 4chan

Apple has since denied that it was in any way at fault for the hack and since the leak it has patched up the vulnerability involved as well as increased two-step verification on iCloud accounts.

Jamie is a freelance writer with over eight years experience writing for online audiences about technology and other topics. In his time writing for ITProPortal he wrote daily news stories covering the IT industry and the worldwide technology market, as well as features that covered every part of the IT market, from the latest start ups to multinational companies and everything encompassed by the IT sector. He has also written tech content for our sister publication, TechRadar Pro. Jamie has since moved into sports betting content and is Content Manager at Betbull.