Some of the private photos stolen by hackers in recent days appear to have come from iCloud accounts. Kirsten Dunst was reported as saying “thank you iCloud” when several of her photos were released on public forums and websites. iCloud might also hang its head in shame for, at the least, not enforcing really good passwords, and this is probably the method used by the so-called hackers. It’s called brute force but could also be called guesswork and hard slog: what they might have done was hack a low-level database to get the password that many people use as a universal password, then move over to the iCloud login screen and give it a try.
They might also have found out the name of Kirsten Dunst’s dog or cat and tested that as a password, or spent days on variations such as nameofdog123 or nameofdogabcd. They may also have run a dictionary attack (the real brute force hack tool). The iCloud server may have allowed multiple attempts to guess a password. If this is the case, we would assume this will be fixed now that real celebrities are affected. It is generally known in the hacker world that resides in the layers of the dark web that getting someone’s email address is 70% of the way there. The rest is, as indicated above, guesswork and patience.
iCloud, like Microsoft’s OneDrive, is a great way to keep photos and documents safe from loss due to failed hardware or theft, but the vulnerable attack vector is weak passwords. I use a password generator to create complicated passwords like this: 2AzMiRPa. Then I record it, and change the password regularly. I also do not use the same password for multiple websites that are important and need to be secure.
It would be interesting to know what Kirsten Dunst’s password was. DunstABC?
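To make the point about enforcing good passwords concrete, here is an added example (not code from iCloud or any real service) of a sign-up check that rejects passwords built from personal details plus padding such as "123" or "abcd", together with a generator that uses the operating system's random source. The function names, the 12-character minimum, the small common-word list and the sample tokens are all assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample list; a real deployment would use a much larger blocklist.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "iloveyou"}
ALPHABET = string.ascii_letters + string.digits


def _core(password):
    """Lower-case the password and strip padding such as '123', '!' or 'abcd'."""
    p = password.lower()
    p = re.sub(r"[\d\W_]+$", "", p)      # trailing digits and symbols
    p = re.sub(r"(abcd?|xyz)$", "", p)   # trailing alphabet runs
    return re.sub(r"[\W_]+", "", p)      # separators: "name of dog" -> "nameofdog"


def check_password(password, personal_tokens, min_length=12):
    """Return the reasons a password is rejected (empty list means accepted)."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    core = _core(password)
    # Normalise the account holder's details the same way as the password.
    tokens = {re.sub(r"[\W_]+", "", t.lower()) for t in personal_tokens}
    if any(t in core for t in tokens if len(t) >= 3):
        reasons.append("contains personal information")
    if core == "" or core in COMMON_WORDS:
        reasons.append("common or padding-only password")
    return reasons


def generate_password(personal_tokens=(), length=16):
    """Draw random passwords from the OS CSPRNG until one passes the check."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate, personal_tokens, min_length=length):
            return candidate


if __name__ == "__main__":
    # Constructed account details: pet name, surname, e-mail local part.
    details = ["Rex", "Doe", "jane.doe"]
    for attempt in ["rex123", "Rex-the-dog-abcd", "Password12345!"]:
        print(attempt, "->", check_password(attempt, details))
    print(generate_password(details))
```

A check like this only covers the password choice; limiting repeated login attempts on the server is a separate control.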