Apple is implementing more robust iCloud security protocols after a massive breach of celebrities’ accounts—and leak of private nude photos—revealed some weaknesses in the photo-storing service.
CEO Tim Cook revealed the new measures in an interview with The Wall Street Journal about last weekend’s leak, which affected stars like Jennifer Lawrence, Kate Upton who found their private photo collections posted all over the Internet.
Apple had said the hacks were targeted attacks on individual accounts and not the result of a defect in the iCloud service, where the celebs were storing their photos. The hackers were able to guess usernames, passwords and security questions to gain entry.
The new security measures are expected to make it harder for hackers to access accounts with more robust notification procedures when unusual activity is detected. For example, Apple will e-mail and text users to alert them—and double check that it’s the actual user—when attempts are made to change passwords, download data to an unrecognized device or log into an account from an unfamiliar IP address.
In his WSJ interview, Cook reiterated his company’s earlier statement that users should adopt two-step verification.
Also known as “two-factor authentication,” the verification requires users to enter both a password and a unique access code, which is generated by Apple and delivered by e-mail or text. Few people use two-step verification when going to iCloud, however, in part because they may not know about it. It only became available on an opt-in basis in June.
“When I step back from this terrible scenario that happened and say what more could we have done,” Cook told the Journal. “I think about the awareness piece. I think we have a responsibility to ratchet that up. That’s not really an engineering thing.”