SAN FRANCISCO – Apple is ramping up iCloud defenses in the aftermath of hackers swiping nude photos of celebrities from the online digital vault, the Wall Street Journal reported late Thursday.
The Journal quoted Apple chief executive Tim Cook as saying iCloud accounts of film stars including Jennifer Lawrence were looted by hackers who used tactics such as correctly answering security questions to obtain passwords, or tricking victims into revealing user IDs and passwords with ruses referred to as “phishing” scams.
In coming weeks, Apple will start sending people alerts when attempts are made to change passwords, restore iCloud data to new devices, or when someone logs in for the first time from a new Apple gadget, the Journal reported.
Tools will be in place for legitimate users of accounts to seize back control. Cook was quoted as saying that Apple also wants to make people more savvy when it comes to guarding against hackers with strong passwords and other techniques.
“When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece,” Cook was quoted as saying. “I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”
Apple will expand the use of “two-factor authentication,” which requires someone trying to access an account to augment a password with something else such as a temporary code sent by text message to the account holder’s mobile phone.
Apple said Tuesday a “targeted attack” led to the release of nude photos of celebrities including Oscar winner Lawrence but insisted there was no breach of its cloud storage system.
The admission came as experts and lawyers said the hack was a wake-up call about the dangers posed by technology to people’s privacy, whether they are stars or not.
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said.
“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
The Federal Bureau of Investigation confirmed it was investigating.
