Apple came out with the first official explanation for what happened a few days ago when private photos of celebrities leaked online. Their first conclusion: the hackers targeted user names, passwords and security questions and iCloud is still safe.
The Cupertino, California-based tech giant explains in a short Media Advisory the results of the first 40 hours of investigation. Apple says they have immediately mobilized their engineers to discover the source of the celebrities’ photos theft. They say that only certain celebrity accounts were targeted in this attack and the hackers managed to get their usernames and then their passwords and security questions.
Apple explains how none of the cases they have investigated is a result of a breach into iCloud or Find my iPhone. The company works with the FBI to identify the criminals involved.
Rumors say the hackers may be somehow related to 4chan.org website and that some of the admins of the page could be the source of this leak and the hack itself.
Apple recommends all their users to enable two-step verification for their accounts and links to their Apple ID Security page. The two-step authentication requires an email address and a phone number and it is the simplest way to secure your account. Google and other big Internet-related service providers have adopted this feature, but it is up to the users if they want to set it up.
In order to enable two-step verification, you need to go to your Apple ID account page and press Manage your Apple ID, sign in and then go to the Password and Security Menu. The page is going to ask you to answer at least two of your security questions and only then take you to the page you want. The two-step verification takes about four days to enable. Apple will send you an email to your primary iTunes email address and then to the secondary one. When you receive those emails just delete them by clicking anything. They are sent just in case someone else tries to enable two-step authentication for you.
You need to go to the same page and follow the steps as above after four days and you will complete your set-up. In those four days, Apple waits to see if the owner of that account will sign in to disable the request.
There's one thing you need to have in mind. You will receive a Recovery Key and a text message when you try to sign in into your account. If you lose the password and one of the above, you may be permanently locked out of your account. Also, two-step verification is not available in all countries so make sure to check this page to see if yours is on the list.