Over the weekend, the Internet was ablaze following a leaked photo scandal the likes of which the entertainment world had never seen before. Over the course of a few hours, leaked photos of over 100 celebrities -- including A-listers such as Jennifer Lawrence and Kate Upton -- were posted on the web and shared widely across social media sites like Reddit. Twitter, to its credit, said it was shutting down any account that posted links to the private photos.
In the aftermath of the leak, attention quickly turned to how the massive privacy breach occurred in the first place. Initially, it was widely assumed that a zero-day exploit found in Apple's iCloud service was to blame. Indeed, shortly after news of the leak began to spread, Apple issued a statement stating that they were aggressively looking into the matter.
Earlier today, Apple put out a press release claiming that iCloud was not the linchpin of the attack.
Apple's press release reads:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
In other words, compromised iCloud accounts may have been involved, but the "hack" was the result of weak passwords rather than a breach of iCloud security.
If iCloud were in fact found to be the source of the leak, the news could not have come at a worse time for Apple given that it is likely to introduce a mobile payments system next week.
Meanwhile, the FBI is investigating the leaked photos and is trying to determine the identity of the hacker or hackers involved. You might recall that this isn't the first time a hacker has illegally attained access to private celebrity photos. Just two years ago, a hacker named Christopher Chaney was sentenced to 10 years in prison after hacking into the private accounts of over 50 celebrities, including Scarlett Johansson and Christina Aguilera.