Apples Pressestatement zum ‚iCloud-Hack‘

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

Apple Press Info

Schwieriges Timing. Ein Statement musste raus; Formulierungen wie „None of the cases we have investigated“ entziehen der eigentlich unmissverständlichen Absage an einen Systemfehler aber die Überzeugung.

Doch selbst wenn es keine spezifische iCloud-Sicherheitslücke gab, die zu den „very targeted attacks“ führte, muss man hinterfragen ob das nachweislich schwache Sicherheitskonzept aus Passwort + Sicherheitsfragen + E-Mail-Wiederherstellung, „a practice that has become all too common on the Internet“, nicht abgeschafft gehört¹. Eine Frage, die sich gewiss nicht ausschließlich, aber derzeit insbesondere, an Apple richtet.