As a result of the Labor Day weekend hacker attack on a number of celebrity iCloud accounts, Apple said Sept. 4 that it will begin enhanced security alerts for iCloud users as soon as possible.
Apple CEO Tim Cook told The Wall Street Journal that due to the security breach, the company now will alert users through both email and push notices if an outsider tries to change a password, move iCloud data to a new device or if a bot or another device tries to log into an account.
Several days ago an as-yet-unidentified hacker broke into the stars’ iCloud storage accounts–the list of which includes actresses Jennifer Lawrence and Kirsten Dunst and model Kate Upton. The hacker then stole nude and seminude images of the women and then published the photos to a Website called 4Chan.org.
It has been called the biggest celebrity hacking scandal to date. It was important enough for the FBI to assemble a team to investigate the case.
Currently, iCloud users receive emails if someone tries to change a password or attempts to log in for the first time from a new device. However, notifications for restoring iCloud data to a new device are new, Cook told The Journal.
Cook also said Apple will increase its use of two-factor authentication, which requires users to present two of three pieces of personal-knowledge information before being able to log in or add a new device.
Apple took a day and a half to respond that it believes the photos were leaked due to targeted attacks on specific accounts and not because of a direct breach of Apple’s storage or mobile security.
Whatever process enabled the breach, this type of problem can happen against any type of cloud storage service. Apple just happened to be the victim in a highly visible attack.
“We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” the company said in a statement. “None of the cases we have investigated has resulted from any breach in any of Apple’s systems, including iCloud or FindMyiPhone.”
When the new feature is turned on, Apple will require users to complete two authentication steps to sign into an iTunes account from a new device. It will be a bit slower and more tedious for users, but that’s the tradeoff for another level of security.
The new feature will be included in the next version of Apple’s iOS mobile-operating system, OS 8, due out later this month. It will enable tighter access to iCloud accounts from a mobile device.
Most mobile-device users are not accustomed to using two-factor authentication for anything, thus Apple said it plans to be more proactive in asking its customers to turn it on as they buy into the next version of the OS. If the celebrities had used two-factor authentication, hackers wouldn’t have been able to guess the correct answer to security questions, Apple said.