Apple says its investigation indicated certain celebrity online photo accounts were hacked in a targeted attack, and it hasn't found a breach in its iCloud or "Find my iPhone" systems. The incident comes just a week before Apple is set to unveil its latest iPhone that could push the company deeper into health and finance.
One week before Apple Inc. AAPL +0.78% Apple Inc. U.S.: Nasdaq $103.30 +0.80 +0.78% Sept. 2, 2014 4:00 pm Volume (Delayed 15m) : 52.78M AFTER HOURS$103.26 -0.04 -0.04% Sept. 2, 2014 7:59 pm Volume (Delayed 15m) : 787,391 P/E Ratio 16.58 Market Cap $613.76 Billion Dividend Yield 1.82% Rev. per Employee $2,214,380 110.00107.50105.00102.50 09/03/14 Nokia Plans to Unfurl New Mobi... 09/02/14 KKR to Buy Stake in Smart-Home... 09/02/14 Apple Denies iCloud Breach More quote details and news » AAPL Your Value Your Change Short position plans to show off its new iPhone, the company is battling to preserve its reputation for protecting users, following the leak of nude photos of celebrities from its online services.
Apple on Tuesday denied that its online systems had been breached, deepening the mystery of how the private photos leaked onto the Internet. Apple said certain celebrity accounts were compromised by "a very targeted attack on user names, passwords and security questions."
On Sept. 9, Apple is expected to unveil the latest version of the iPhone, with new features that would increase the amount of private, valuable information stored with the company.
Apple has said the new iPhone's software will feature a way to collect and share health-related data. Another new feature is expected to allow users to pay for real-world items with their iPhone using credit cards stored on iTunes.
Apple moved Tuesday to address reports that surfaced over the weekend that the leaks of the photos could stem from a bug in its iCloud storage service that allowed potential hackers to try an unlimited number of passwords until they stumbled upon the correct one.
Apple said there is a limit on the number of incorrect passwords an iCloud user can enter before its system locks the account. The company declined to specify the exact number of incorrect attempts that would trigger an account lockdown.
"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud," Apple said in its statement.
"We are continuing to work with law enforcement to help identify the criminals involved."
The FBI said it is "aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter." The agency declined to elaborate.
In the past, Apple has portrayed itself as the more secure alternative to its competitors, famously lampooning the security measures in Microsoft Corp.'s Windows operating system in a television commercial.
Investors shrugged off the news, sending Apple shares 0.8% higher at $103.30.
The hack has exposed Apple to the type of negative publicity that it usually manages to avoid. The company is known to court celebrities, fulfilling special requests and offering dedicated technical support for VIPs.
Actress Kirsten Dunst, who has been identified as a subject of some of the leaked nude photos, took to Twitter TWTR +2.55% Twitter Inc. with a sarcastic post: "Thank you iCloud." She completed her tweet with emojis of a slice of pizza and something often taken on the Internet as a pile of excrement.
Other celebrities identified as possible victims of the hack included actress Jennifer Lawrence and model Kate Upton.
A spokesperson for Ms. Lawrence called the hack a "flagrant violation of privacy" and that the authorities have been contacted and they will prosecute anyone who posts the stolen photos. Ms. Upton's attorney Lawrence Shire said they intend to "pursue anyone disseminating or duplicating these illegally obtained images to the fullest extent possible."
Apple had more than 320 million accounts for its iCloud service as July 2013. The online system stores photos, music, emails and other data from Apple devices. It also supports other services such as Apple's Find My iPhone feature that allows people to locate phones that are misplaced or stolen.
Apple suggested that users make sure they have a strong password and they enable two-step verification—a security feature that requires users to first type a password and then perform a second step, such as typing in a code received by text message.
Apple said there has been and continues to be a limit on the number of incorrect password attempts a user can try in iCloud before its system locks down the account. Getty Images
Even though the cause of the picture-hack remains unclear, there are enough details to indicate the iPhone-maker could have prevented the intrusion with increased security measures, said Ashkan Soltani, an independent security researcher who has worked with The Wall Street Journal in the past.
The hackers likely still had to guess the passwords, or answers to security questions, of the celebrities whose accounts they breached. Mr. Soltani said Apple appears to have allowed hackers enough chances to guess the right answer.
He compared the shortcoming to an apartment building with a doorman. Even if a burglar steals a resident's key ring, a doorman would likely become suspicious if an unknown person tried all 10 of a person's keys before gaining entry. In this case, he said, "One of the doors didn't have a doorman."
Write to Daisuke Wakabayashi at Daisuke.Wakabayashi@wsj.com and Danny Yadron at email@example.com