“Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions,” Nick Evershed and Paul Farrell report for The Guardian. “This is assuming they don’t have two-step verification enabled.”
“If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts,” Evershed and Farrell report. “You don’t require access to their email. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled.”
“While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used,” Evershed and Farrell report. “To see how difficult it is to crack someone’s account, we’re going to try and access each other’s accounts and see how far we get.”
See how far they got in the full article here.
MacDailyNews Note: Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.
Always use unique passwords, do not reuse passwords for different services, and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, this system works like a dream.