Yesterday, it was suggested that a breach in Apple's iCloud service was one of the causes behind the recent celebrity photo leaks. Hundreds of private photos of celebrities, including Jennifer Lawrence, Kate Upton and Selena Gomez, were leaked over the weekend on popular online forum 4chan.
In response, Apple immediately sent to its engineers and began investigations and today issued an advisory saying that after more than 40 hours of investigation, it has not found a breach in its iCloud services.
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
Apple also advised users to have a strong password and to enable two-step authentication. Instructions on how to do so can be found here.
However, Apple failed to comment on the specifics of a "targeted attack" and only mentions that it was focused on compromising affected accounts' usernames, passwords and security questions.
This news comes at a bad time for Apple, who is widely believed to be announcing its new iPhone and possibly iWatch next week. iCloud is expected to have a big part to play as Apple continue talks with American Express, Mastercard and Visa on a possible new payment system.