Nude celebrity hack forces changes at Apple and 4Chan

Apple and image-sharing site 4Chan take security measures after celebrity iCloud accounts were compromised and photos leaked

In a classic case of reactive security, Apple and image sharing site 4Chan have taken additional measures after celebrity iCloud accounts were compromised and private photos leaked online.

Although Apple claims iCloud security was not breached, the company has announced it is taking additional steps to keep hackers out of users' accounts.

After days of speculation about the cause of the leak on 4Chan of private photographs of celebrities including Jennifer Lawrence (pictured), Apple blamed stolen credentials for the breach of privacy.

Apple said the celebrities’ iCloud accounts were individually targeted and that none of the cases it investigated had resulted from a failing of its own systems.

In an attempt to restore confidence in its security systems, Apple has announced that it will alert users through email and push notifications when someone tries to make account changes.

Alerts will be sent when someone tries to change a password or restore deleted information on the data storage system.

Two-factor authentication

Apple also plans to broaden its use of the two-factor authentication security system, which requires a one-time passcode or long access key in addition to username and password to access an account.

In the wake of the iCloud compromise, security experts have criticised Apple for not making two-factor authentication mandatory.

Apple now plans to encourage users more “aggressively” to turn on two-factor authentication in the new version of its iOS mobile operating system, reports The Wall Street Journal. iOS8 is due later in September and will cover access to iCloud accounts.

In an interview with the paper, Apple chief executive Tim Cook acknowledged that Apple could have done more to prevent the attack on female celebrities' accounts.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told the publication. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."

Read more about cloud security

  • Assessing cloud security controls key in repelling cloud attacks
  • Multifactor authentication key to cloud security success
  • SME cloud - blanket security or security blanket?
  • Government releases security guidance for cloud services
  • Most cloud services pose security and compliance risks to European businesses

Copyright enforcement

4Chan has also been spurred into action, announcing that it will finally enact a Digital Millennium Copyright Act (DMCA) policy to let content owners get illegally shared material removed.

Previously the image-sharing site has largely avoided having to actively police content, although it has taken steps to find and remove content involving the sexual abuse of children, according to the BBC.

In addition to taking down illegally shared content, 4Chan said it will notify the person who posted infringing material that the content has been removed in response to a DMCA request.

4Chan users who repeatedly post illegally obtained content will be blocked from the site, but it is not clear what effect the policy change will have on users who post content anonymously.

Read more on Privacy and data protection