Apple to beef up security measures after nude photos stolen

Posted at 8:42 AM, Sep 05, 2014
and last updated 2014-09-05 08:43:08-04

HONG KONG (CNNMoney) -- Apple plans to roll out new security features in the coming weeks that are designed to counter the methods used in a mass theft of nude celebrity photos.

The company will use email and push notifications to alert users when someone tries to change an account password, restore cloud data on a new device, or connect an unfamiliar device to an existing Apple account.

Apple also plans to widen its use of two-factor authentication. That option, available on most email or file-sharing platforms, is a second, temporary password that usually arrives in the form of a text message.

Apple CEO Tim Cook explained the changes in an interview with The Wall Street Journal, his first public comments since private, nude photos of Jennifer Lawrence and other celebrities were leaked on the Internet. An Apple representative confirmed Cook's remarks to CNNMoney.

Apple has concluded hackers were able to force their way into the photo collections through phishing attempts, guessing passwords or figuring out answers to the celebrities' security questions.

Well-guarded systems only let users guess passwords a handful of times before blocking access. But until this week, Apple's iCloud service allowed people to guess passwords over and over again. It would never lock out. Eventually, hackers hit it right.

Apple assured the public the hackers did not break into the company's core computer systems, which house all of its users' data. So iCloud itself was not hacked.

Cook told The Journal that the new notifications would start in two weeks, and users would be empowered to take back the accounts immediately.

The chief executive also defended Apple's security systems, citing the company's work on fingerprint sensors. But he did allow that more could be done to educate users on data safety.

"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told The Journal. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."