Originally Posted by
mrisoli
As for the whole iCloud hacking, remember no one proved it was a security breach, it was very likely it was just social engineering and that says nothing about iCloud's security, just about carelessness by the celebrities involved, they need to understand that a lot of information about them is public data(birthdate, pets names and similar information in general), and many people make emails and/or passwords using a combination of these little things, its probably not very hard to extract information on these people.
The "hackers" did it through a dictionary password attack (theoretically they could have brute forced it as well). Because Apple never enabled locking out the password after x number of attempts, it essentially gave them an unlimited number of tries to guess their password.
Shame on Apple for not instituting even the most basic brute force protection. Double shame on Apple for blaming their *customers* after the breach happened. The good news is, even though Apple denied it was their fault, they did institute brute force protection on find my iPhone logins. 5 tries and the account locks now. This is the way it should have been all along.