iCloud hackers have known for years of an easy way to identify the email address behind an iCloud account. Finding an email address may not sound particularly valuable, but once iCloud hackers know the email address behind an account, they're one step away from gaining full access to the account and raiding its photo backups.
When iCloud hackers find a target, they set about attempting to discover the login information for their iCloud account. The first step is identifying the email address used. Often, hackers will be aware of several email addresses purported to be used by the target. This is where Apple makes it easy for budding nude photo hackers. Apple allows users to test unlimited amounts of emails incredibly quickly.
Hackers explained on pornography forum AnonIB how they use Apple's "Create Account" page to check through masses of possible email addresses. All hackers need to do is enter a potential email address into the email field, and Apple instantly displays whether it's connected to an iCloud account. They don't need to submit any forms, and Apple doesn't limit the amount of tries you have to enter an email address.
Apple instantly tells users whether an email address is linked to an iCloud account
A red circle next to "Be available" means that an email address is tied to an iCloud account
As an anonymous AnonIB iCloud hacker explains:
"When you type it in, it will show 3 things, one being that it is a valid email, one being that it's not currently in use, and a third thing I can't currently remember. Who cares lol. If it shows a green dot next to 'currently in use,' that means it's not being used. If you get a red dot, you're golden, that means it IS being used."
Hackers keep trying possible emails until they get a red dot, indicating that the email address is tied to an iCloud account. From there, they either attempt to crack the password or begin the process of guessing the details used to protect the account.
The first test is to enter the target's date of birth. This will be easy to find for a celebrity
The final step is to answer the security questions. For celebrities, the information will often be readily available online.
Apple has previously moved to clamp down on methods that can be used to attempt to discover login data en masse. On Monday, Apple patched an exploit discovered by a Russian security researcher that allowed hackers to use the Find My iPhone app to test thousands of potential passwords for an account.
However, Apple has yet to modify its sign-up process or iForgot system to deter hackers from gaining access to iCloud accounts. The techniques openly discussed by iCloud hackers on public forums such as AnonIB remain open to use.
