Could celebrities targeted in a recent massive nude photo leak have avoided getting their private photos stolen?
Apple CEO Tim Cook has made his first public comments about the controversy, which had sparked fears about the security of the company's popular iCloud online data storage system. The leak affected the likes of Jennifer Lawrence and Kate Upton, drew the attention of the FBI and spurred an investigation by Apple, who confirmed a "targeted attack" on "certain celebrities."
The Wall Street Journal reported on Friday that Apple is planning new security measures to minimize the chances of similar incidents and that Cook said that stars' iCloud accounts were compromised two different ways—they were either victimized by phishing scams aimed at obtaining login information, or hackers had retrieved their passwords by guessing security questions correctly. He did not mention celebrities by name.
Lawrence, Upton and other celebrities who have confirmed they have had private pictures distributed during the nude photo leak without their permission have not specified how their images were stolen. Hacking private information can carry a prison sentence. No suspects have been arrested in connection with the leak.
Denise Richards, who is not one of the stars who was targeted, had said on Wednesday that she was sent more than 10 emails asking her for her password and threatening to shut down her accounts if she didn't reply and reveal it—a common message seen in everyday phishing scams.
Apple had said earlier this week that none of the theft cases it investigated had "resulted from any breach in any of Apple's systems, including iCloud or Find my iPhone." The Wall Street Journal quoted Cook as saying that none of the Apple IDs and passwords leaked from the company's servers.
The newspaper, which posted the interview four days before Apple is set to release its highly anticipated iPhone 6, also reported that Cook said that within two weeks, Apple will start to send users email and push notifications when a new device is used to log into their iCloud account, when an attempt is made to restore its data or when their password is changed.
Previously, people received emails about password change attempts or new device logins and received no alerts about restoring iCloud data.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told The Wall Street Journal. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."