Earlier this month, hackers had managed to hack into the iCloud accounts of celebrities where they managed to get their hands on compromising photos which then they promptly released to the public. According to Apple after their investigations, they claimed that it was a targeted attack and not a complete breach of iCloud.
However according to a report from The Daily Dot (via MacRumors), it turns out that Apple was made aware of the iCloud security flaw about six months ago prior to the hack. An independent security researcher by the name of Ibrahim Balic had reportedly informed Apple of the flaw back in March. Balic claimed that he was able to use brute force hacking methods to access iCloud accounts.
Apple questioned Balic’s claims and stated in emails to him that they believe such a method would take too long. They had also continued to question him about the exploit and how it would be utilized. Well as it turns out, reports post-hack had revealed that the hackers had used a brute force hacking technique similar to what Balic had described to gain access to the accounts. By then we guess it was too late.
Apple has since implemented additional security features to help protect iCloud accounts, such as requiring a one-time code to access additional iCloud features beyond the basic “Find my iPhone” function.