Article author Andy Greenberg has spent a lot of time researching a forum (Anon-IB) on the techniques hackers use to gain access to personal photos. One such tool is the Elcomsoft Phone Password Breaker (EPPB) application. Elcomsoft says its software is "an ideal solution for law enforcement and intelligence services," but it seems to be very popular with hackers who try to steal other people's data. While attackers will still have to obtain account information through other methods, the EPPB application advertises a password-bypassed access feature using an authentication token from a synchronized PC system, or Mac.
The technique is not new.
There are several assumptions about the technique hackers used. Naturally, the technique is known only by the one who used it and perhaps the research that will be carried out by Apple technicians and the authorities that have undertaken to clarify the case. We may never know it, as Apple avoids such announcements. We usually learn the vulnerabilities that allowed a violation by the attackers themselves and not by the company.
In this attack, however, the hacker or hackers have preferred to keep their mouth closed.