Apple knew of a flaw in iCloud’s security as early as March 2014 after leaked emails revealed that the firm had the chance to do more to stop naked photos of the likes of Jennifer Lawrence and Kim Kardashian leaking online.
Emails obtained by the Daily Dot and reviewed by a number of security experts claim to show Ibrahim Balic, a London-based software developer, reporting to Apple that he had found a method to break into iCloud accounts.
One of the emails, which is dated 26 March, shows Balic telling Apple that he had successful surpassed a security feature that was supposed to prevent a “brute force” attack used by hackers to crack passwords by trying thousands of combinations.
Later in the email exchange Balic explains that he was able to try out upwards of 20,000 password combinations on any account and went on to report the same problem via Apple’s online bug submission platform.
In another email dated 6 May the issue is still not fixed and an Apple official questions the length of time it would take to find an authentication token for the account before asking if Balic can find a quicker method.
“I believe the issue was not completely solved. They kept asking me to show them more stuff,” Balic told the Daily Dot.
Images of various celebrities began to emerge at the start of September on image sharing site 4chan and a mass hack of Apple iCloud accounts by using the Find My iPhone feature was blamed.
Apple has since denied that it was in any way at fault for the hack and since the leak it has patched up the vulnerability involved as well as increased two-step verification on iCloud accounts.