iCloud is Apple’s own cloud storage service which has recently been in the news because of a massive leak of celebrity nudes and photos. While Apple denied that iCloud was at fault for the leak of the image, it seems that the company is taking responsibility for the breach. Apple issued a security warning to iCloud users, informing them that iCloud has been under organized attack from malicious sources. Apple warned iCloud users not to give out their Apple ID credentials to websites popping up with security warnings.
There have been quite a few rumors flying around about Chinese espionage affecting iCloud. Apple hasn’t said anything about China in its security warning, but many users on the web are saying that they are getting certificate warnings when logging into their cloud storage accounts. People are starting to think that a massive man in the middle attack is underway, though Apple has reassured iCloud users that its servers have not been compromised. Suspicions about the Chinese government being the perpetrator of various recent hacking incidents have arose among web surfers. Reportedly, the Chinese government has been placing its own websites in between iCloud users and the official website so that they can get a hold of Apple IDs and other credentials. Chinese authorities have denied being involved with hacking iCloud.
While Apple hasn’t said anything about who is the author of the organized attacks, suspicions about China are growing. Apple has published the following security warning for iCloud users: “Apple is deeply committed to protecting our customers’ privacy and security. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser. The iCloud website is protected with a digital certificate. If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed. Users should never enter their Apple ID or password into a website that presents a certificate warning. To verify that they are connected to the authentic iCloud website, users can check the contents of the digital certificate as shown below for Safari, Chrome, and Firefox—each of which provides both certificate information and warnings.”