Unless you’ve been living under a rock for the past month, you have no doubt read about the massive caches of nude celebrity photos and videos that leaked recently. In fact, the odds are fairly good that you’ve even seen some of them, or censored versions of them at the very least. Hackers reportedly obtained the private images by gaining access to online iCloud accounts belonging to more than a dozen celebrities including Kim Kardashian, Ariana Grande, Victoria Justice, Kate Upton, Kaley Cuoco, Aubrey Plaza and Jennifer Lawrence. Now, just in case Apple needed some more bad news, it has been revealed that Apple knew about the security vulnerability that led to the leaks at least six months ago, and it could have easily prevented them.

DON’T MISS: iPhone 6 review

Just days after the leak was determined to have come from iCloud, Apple added a painfully simple security feature to prevent similar hacks. Celebrity iCloud accounts were breached using a series of “brute force” attacks. The process involves little more than constantly attempting to log into an account by attempting hundreds of different passwords each minute, and most responsible companies prevent such attacks by temporarily disabling access to an account if there are too many failed login attempts in a short period of time.

iCloud now has this simple security feature, and it took Apple no time at all to implement it.

Now, for the bad news: The Daily Dot reports that had Apple known iCloud was susceptible to brute force attacks for at least six months, but the company failed to put the aforementioned security measure in place until it was too late.

Independent security researcher Ibrahim Balic discovered the iCloud security flaw back in March of this year, and he emailed Apple’s product security team more than once to notify them of the vulnerability. Balic’s emails, which have now been made public, were indeed received and acknowledged by the product security team, first in March and then again in May of this year.

But Apple did nothing to fix the issue until it was too late.

One of Balic’s emails follows below and the others can be seen by following the link down in our source section.



(click to enlarge)