An update on the major Apple data breach controversy
September 9, 2014

Some of the largest technology firms have been in the news for all the wrong reasons in the past few months, as many have been accused of missing flaws and vulnerabilities in core systems, devices and applications that have directly led to significant instances of information loss. Data breaches have been fast-growing and even accelerating with respect to the number and diversity of victims throughout the past several years, while advocacy groups have continued to urge organizations to take security more seriously. 

Apple has had somewhat of a busy couple of weeks, as one of the more substantial invasions of celebrities' privacy came with a wealth of allegations against the major technology firm. Countless public figures saw pictures and videos that were stored on their Apple devices be exposed to the public by what many believe to be only one perpetrator or small group, while the manufacturer has since openly stated that it was conducting an investigation. 

First, experts were pointing fingers at the iCloud and the Find My Phone app as two areas that could have had a vulnerability which led to the breach, but this has not been substantiated quite yet. What has been clear even before this breach is that poor credential management is leading to these major instances of information exposure and damage, and a more advanced approach to security – especially for mobile phones and apps – is critically important going into the next few years. 

Initial conclusions
Apple published a special media advisory this past weekend to defend itself against the allegations made that its own negligence led to the exposure of the explicit photographs and videos in question. As a note, a high number of celebrities – mostly females – including Jennifer Lawrence were victimized by this attack, and social media websites have been buzzing with discussions of who is to blame. 

The IT firm, though, has stated that it does not believe a flaw in its systems were to blame. 

"We wanted to provide an update to our investigation into the theft of photos of certain celebrities," officials from the firm stated. "When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us."

Apple devices and products have been traditionally stronger with respect to security performance than others, but this event called many matters into question.

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," they continued. "None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved."

The firm went on to urge its customers to follow more progressive credential controls and leverage two-factor verification to avoid being victimized. 

Security without the headaches
Mobile device security has quickly become one of the more important types of protection among businesses and consumers in the past five years, as BYOD is now a highly common trend among virtually every industry. Sometimes companies will balk on more progressive security because they do not want to hinder productivity, but the fact remains that user experience and corporate protection go hand in hand. 

Rather than relying on the old logins and passwords that have proven ineffective, enterprises should consider leveraging dynamic authentication tools that anchor identities to devices, providing a better user experience and tighter access control.