Apple unveiled a two-step verification option for iCloud accounts now also extends to iCloud backups, preventing attackers who know the target’s password from installing the target’s backup on a new device.
The move released via an email sent on Tuesday to all users who are already using two-step verification to protect their Apple ID. The recipients ended up directed toward the Two-Step Verification FAQ page for additional information.
If the two-step verification feature has been enabled, the second verification factor — the 4-digit verification code sent to the user’s phone — has to be entered when signing in to My Apple ID; in to iCloud; making an iTunes, iBooks, or App Store purchase from a new device; and when getting Apple ID related support from Apple.
The change was the result of recent leak of photos of celebrities.
A few days after the hacks became public, Apple said iCloud itself did not suffer a hack attack. It now appears the leaked photos ended up stolen by attackers who guessed or brute forced the victim’s Apple account passwords, or have social engineered or tricked the victims into revealing the passwords.
At the time, Apple advised users to use strong passwords and to enable two-step verification.