Although the company said iCloud security was not breached, within days of the leaks Apple announced it would take additional steps to keep hackers out of users' accounts.
Private photographs of celebrities such as Jennifer Lawrence (pictured) were obtained in a “carefully targeted attack on user names, passwords and security questions”, Apple said in a statement.
Security commentators called for Apple to expand its two-factor authentication facility to cover all services, to prevent hackers from using stolen credentials or automated tools to access accounts.
Apple’s two-factor authentication system requires a one-time passcode or long access key, in addition to username and password to access an account.
The system will protect users against attacks using automated tools. One such – Elcomsoft’s Phone Password Breaker – has been named as the likely method used to leak the celebrity photos, reported the BBC.
Despite calls for Apple to make two-factor authentication mandatory or at least enable it as the default, the extra security facility remains optional, requiring users to turn it on.
Read more about cloud security
- Assessing cloud security controls key in repelling cloud attacks
- Multifactor authentication key to cloud security success
- SME cloud - blanket security or security blanket?
- Government releases security guidance for cloud services
- Most cloud services pose security and compliance risks to European businesses
However, Apple has also introduced alerts that are sent to users as soon as an iCloud back-up starts downloading, even if two-factor authentication is not turned on.
After the photo leaks, Apple chief executive Tim Cook told the Wall Street Journal the company planned to “aggressively encourage” people to use two-factor authentication and stronger passwords.
In an interview with the paper, Cook acknowledged that Apple could have done more to prevent the attack on female celebrities' accounts.
"When I step back from this terrible scenario that happened and say what more could we have done, I think about the awareness piece," he told the publication. "I think we have a responsibility to ratchet that up. That's not really an engineering thing."
NSA spying scandal
At the same time as introducing extra technical security measures, Apple has published a 43-page white paper and added a section to its website explaining how the company approaches security and privacy.
The move appears to form part of Apple’s efforts to distance itself from the NSA spying scandals, revealed by whistleblower Edward Snowden, which have been linked to several top US technology firms.
Reports based on documents leaked by Snowden allege that NSA had "backdoor" access to the servers of nine major technology companies.
Apple users' data
The white paper emphasises that Apple’s business model is based on selling products to users, rather than building up a detailed picture of their preferences to sell to advertisers, reports The Telegraph.
According to an open letter by Tim Cook, Apple protects users’ privacy with strong encryption, plus strict policies that govern how all data is handled.
“Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay,” Cook wrote.
According to Cook, Apple believes in telling users exactly what is going to happen to personal information, asking for users’ permission and allowing users to change their minds.
“Every Apple product is designed around those principles. When we do ask to use your data, it’s to provide you with a better user experience,” he said.
Cook concludes by re-iterating that Apple has never allowed government agencies routine access to its servers via a back door, and “never will”.