The issue of legal responsibility for cloud storage providers has come to the fore in the last couple of days following a rash of unauthorized nude selfies from a number of celebrities started showing up on website over the Labor Day weekend. Nude and provocative selfies (obviously not designed for public viewing) taken by well-known actresses such as Jennifer Lawrence and Victoria Justice began appearing on various celebrity websites on Friday night, and the social media universe was soon abuzz with discussion over the hack and the responsible parties.
The bad news for Apple Inc. (NASDAQ:AAPL) is that the hackers who stole the nude selfies apparently accessed the accounts through an obvious vulnerability in the Find My iPhone feature: a lack of “brute force” protection. Almost all websites today don’t allow a user to enter wrong passwords thousands of times, and the account locks after 3-5 failed tries in most cases. The Find My iPhone feature somehow did not include this basic protection, so passwords could be picked by “brute force” — trying every possible alphanumeric combination.
Apple reports it has now patched the vulnerability and hackers can no longer gain access to accounts via that method.