Apple has clarified that the yet-to-be-identified hacker or hackers who recently leaked nude photographs of celebrities did not breach any of its systems.
Dozens of personal photos featuring nude celebrities leaked online last weekend, with many reports subsequently asserting that Apple was to blame for the invasion of privacy. More specifically, it was widely thought that at least one hacker was able to violate the privacy of celebrities by exploiting a security flaw in Apple's iCloud platform or Find My iPhone service.
Buzzfeed was one of the first sites to report a hacker may have taken advantage of an iCloud gitch or even a Photo Stream failure in order to steal nude photos of mostly female celebrities - such as Jennifer Lawrence, Rihanna, Ariana Grande, Kate Upton, Kaley Cuoco, and many others - and post them on the online message board 4chan. Apple however has denied those claims, after conducting roughly 40 hours of investigation.
"We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source," Apple announced in a statement released on 2 September. "Our customers’ privacy and security are of utmost importance to us."
The company continued, "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone."
READ: Apple iPhone 5S review
The company said it would continue to work with law enforcement to help identify the criminals involved, and it recommended people visit its support pages for more information on how to setup a strong password as well as two-step verification.
In other words: Apple has put the blame on the hacker's ability to crack weak username, password, and security question combinations.