A massive reported breach of private celebrity images this weekend has called into question the security of Apple's iCloud service.
Apple says it is investigating claims that hackers were able to access the private iCloud online data storage service by exploiting a vulnerability in its software. According to the Wall Street Journal, a flaw in the Find My iPhone service may have enabled unlimited opportunities for hackers to guess users' iCloud passwords until they could find the right one.
This type of "brute force" attack is normally prevented by password lockout features, but Find My iPhone apparently did not have such a feature until Apple released a corrective patch yesterday.
By acquiring the celebrities' passwords, hackers were allegedly able to access and publish hundreds of private photos taken on their smartphones.
It hasn't been confirmed that the hack was directly related to iCloud, or that many of the pictures are even real. Regardless, the story has led to many consumers questioning the security of cloud storage. Could Apple - or other cloud providers - have done more to secure private information?
Intronis takes steps to secure our cloud against outside threats. Part of that includes a double-layer of military-grade 256-bit encryption both in transit and in storage. It also includes robust security at the data center level, including advanced security controls designed to prevent unauthorized access. You can read more about our security technology in this tech guide.
Critically, our software also includes safeguards to help you craft stronger passwords that are resistant to the type of brute-force attacks that may have led to the iCloud leak. Intronis ECHOplatform requires a complex mix of characters that make it difficult for hackers to "guess" your password. Passwords are also stored encrypted on our end, further limiting the chance anyone could access your account.
As always, partners and their SMBs should follow best practices for password security. That means creating a "strong" password that is long and mixes as many unique characters as possible. On top of that, users should keep their passwords unique - if you use the same password in multiple locations, you run a higher risk for having your information compromised.
It's unclear what fallout will result from the reported iCloud hack, but partners can take the opportunity to let their SMBs know that, despite the dire headlines, their data is safe in a well-secured cloud.