In a newly-released update on its investigation into the celebrity photo hacking scandal, Apple said Tuesday that its engineers believe the incident did not occur through a breach in Apple's systems, including iCloud or Find my iPhone.
"When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source," the company said in a statement.
After more than 40 hours of internal investigation, it said,"we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet."
"None of the cases we have investigated has resulted from any breach in any of Apple's systems," the statement said.
According to an earlier report by Endgadget, a security gap in Find My iPhone could have allowed hackers to access iCloud accounts, and that gap has since been patched by Apple. However, even before Apple's latest announcement, it was not clear whether this was the same or the only security flaw that could have allowed the hackers to steal the photos.
Apple says that it is continuing to work with law enforcement to help identify the criminals responsible for the attack.
The FBI announced Monday that it was looking into the hacking incident, saying in a statement that the bureau is "aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter."
Private photos of dozens of celebrities, including actresses Jennifer Lawrence, Mary Elizabeth Winstead and Victoria Justice, singer Ariana Grande, and model Kate Upton were posted online by hackers on Sunday.
"This is a flagrant violation of privacy," Lawrence's publicist Liz Mahoney said in a statement. "The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence."
To protect against similar attacks, Apple said all iCloud users should be sure and protect their accounts with a strong password and two-step verification. Instructions can be found on Apple's website.