In an interview with the Wall Street Journal on Thursday, Apple CEO Tim Cook addressed head-on the iCloud celebrity hacking incident from this past weekend. If you recall, nude photos from over 100 celebrities were illegally accessed and published across the web after hackers targeted specific celebrities with phishing and other attacks. Notably, Apple in a press release earlier this week said the incident did not stem from a breach in iCould security.
In any event, Tim Cook explained that Apple is taking steps to make similar attacks more difficult to undertake.
To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.
Cook added that the enhanced security protocol would begin rolling out in about two weeks. All in all, Apple will be making some welcome and arguably long-overdue changes to what many people previously felt were somewhat weak iCloud security mechanisms.
Now, given that the hacking incident seems to have resulted from various social engineering efforts, Cook explained that Apple should have done a better job conveying to users the importance of coming up with strong and hard-to-guess passwords and perhaps more private security questions. As of now, it's largely believed that hackers were able to access celebrity iCloud accounts after correctly guessing their security questions. While the birthday of the average joe off the street may be tough to glean, it's extraordinarily easy to discover all sorts of personal information about well-known celebrities.
To that end, the Journal adds the following blurb from Cook:
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he said. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
Lastly, Cook said that Apple plans to expand its use of two-factor authentication across iCloud.