> Apple’s iCloud servers which have a history of being hacked.
Bold claims need strong proof. Have a source for this?
The only major hack I’m aware of was the Fappenning, which was widely accepted as an issue of password reuse across sites, and Apple responded by making it difficult to avoid using MFA.
Thank you for pointing this out—I appreciate it and have upvoted your comment. My original complaint was based on my memory of the 2014 iCloud celebrity scandal involving passwords. As I recall, there was a security issue where hackers exploited the “forgot password” mechanism. I believe Apple had very lax mechanisms in place at the time. However, since this wasn’t a complete compromise of iCloud, I’ve removed that detail from my main point to make it clearer.
It was hackers ringing up phone companies, acting as celebrities or agents and asking for replacement SIMs. Or pretending to be Apple Support. And then social engineering around the MFA process. Apple’s security was on par with everyone else in the industry.
In 2014, Apple had an iCloud issue with a vulnerability in Apple's Find My iPhone API, which lacked rate-limiting, allowing attackers to perform brute-force password attacks without restriction. Apple denied that this was the cause of the celebrity photo releases, but they also patched several bugs relating to security and began promoting two-factor authentication.
