Apple, it turns out, was aware of the security loophole in iCloud months before it was exploited by a hacker to leak nude photos of Hollywood celebrities online, Daily Dot reports. The publication claims that London-based security researcher Ibrahim Balic had emailed Apple to let it know about a method he had discovered for breaching iCloud accounts.
On March 26, Balic sent Apple an email informing the company about the vulnerability he had discovered in iCloud. It would allow a hacker to circumvent the brute-force attack prevention system that Apple uses to safeguard its services from attacks. For those who are unaware, brute force is a method that allows one to try thousands of password combinations every second. To protect their services from such attacks, several companies, including Apple, limit the number of times a user can try to log into an account. Balic had found a way to try over 20,000 password combinations on any account.
As you can see in the screenshots, Balic also used the company's online bug submission platform to let Apple know about the breach. An Apple representative did reply to Balic, but it seems the company was not able to resolve the problem in time.
Apple has maintained its stance, which was again confirmed by CEO Tim Cook in multiple interviews and statements, that iCloud was never hacked. Hackers were able to get into celebrities' accounts by using attacks like phishing, and probably by correctly guessing the security questions.
Apple has since added a new security feature to bolster iCloud's security. The company now emails users if their account is accessed from a new or different device, as well as when a request to take a backup of their iCloud is made. The company will also soon add push notification alerts to instantly notify users of any such logins or success.
After the first round of the security breach, in which nude photos of Jennifer Lawrence and Mary E Winstead leaked onto the Web, similar intimate photos of Kaley Cuoco and Kim Kardashian were also leaked in a second round of the hack that took place earlier this week.