這兩天一眾荷里活(好萊塢)巨星及名模等的艷照流出事件鬧得熱烘烘,還未被公開照片的明星們個個都擔心不矣。這事件懷疑跟iCloud有關,事後亦有消息指出有人是藉著暴力破解Find my iPhone的服務而提取到受害人的帳號資料。就事件發生日近兩日,Apple終於正式發出新聞稿作回應。
Apple在回應中指出,事件發生後他們已經立即要求工程師們追查事件。在經過40小時的調查後,發現這是針對某些名人的帳戶作出的攻擊,以獲得他們帳戶的登入名稱以及密碼,從而盜取資料。Apple續稱,這些黑客活動在現時的網絡世界上屢見不鮮。事件中並沒有涉及是由於Apple服務,包括iCloud以及Find my iPhone等系統的漏洞所引起。Apple就該事件已報警處理,希望可透過跟執法人員的配合捉拿到凶手。
就新聞稿回應可見,Apple歸咎於使用者們沒有好好保護自己的帳號。相信不少人在不同網站使用同一套登入名稱及密碼,而且還是一些很簡單的密碼,就些就是導致帳號被入侵的關鍵。在這情況下,黑客拿到A網站的登入資料就可以入侵你在B,C,D網站的帳號。但當然,Apple這次系統可輕易被黑客們以暴力手法去撞破密碼也是比較鬆懈的,絕對有需要再作改善。現時很多網站,包括Apple自己已經提供了兩步帳號驗證(設定教學按此),若然你還是不設定好,到頭到來帳號再以這樣的方法被盜,又能怪誰呢!
新聞程原文如下:
CUPERTINO, Calif.–(BUSINESS WIRE)–We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
