Apple Inc. is hoping to quell security fears by extending its two-factor authentication technology and rolling out new iCloud security alerts when someone tried to make changes to an account.

The move comes in the wake of the last week’s highly publicized nude celebrity selfie scandal, which saw naked pics of female stars like Oscar winning actress Jennifer Lawrence and swimwear model Kate Upton (pictured) plastered all over the web.

The disrobed celeb’s private snaps first surfaced on 4Chan and AnonIB, and metadata from the images suggested that a good number of them were taken using iPhones. For this reason, it’s believed that the miscreants who stole them did so by hacking into the celeb’s iCloud accounts to download the data.

While it’s refused to admit responsibility, Apple has acknowledged that a “targeted attack” took place on people’s user names, passwords and security questions. For this reason it issued advice recommending all iCloud users to “use a strong password and enable two-step verification”.

Unfortunately for Apple, there it seems that even if two-factor authentication was turned on, it wouldn’t have been enough to prevent the celeb nude selfie leak. That’s because the feature doesn’t cover iCloud backups, which can be installed on new devices with only an Apple ID and password. Last week it was reported that the hackers may have used pirated versions of Elcomsoft’s Phone Password Breaker tool to steal private data from iCloud accounts using the email address and password of their targets. The passwords were hacked using a tool known as iBrute, while the emails were obtained by other means.

“Signing into iCloud in order to access say, your backed up photos, does not require two-factor authentication,” mobile security firm Lookout explained in a blog post. “In this case, enabling two-factor authentication would not have helped anyone involved in this latest leak.”

Apple-bashing is a favorite sport among geek media hacks and it’s not surprising the web has been awash with accusations over the company’s security shortcomings. Experts were quick to fault Apple for failing to set a limit on password reset attempts, among other things. This is a basic defence against the kind of brute force attack the hackers are thought to have used to access the celeb’s accounts.

Even worse for Apple is the suggestion that this kind of thing could have happened before. A report in Norway last year alleged that a politician hacked into the iCloud accounts of “thousands of Norwegian girls” and posted their nude pics onto pornographic websites.

Not surprisingly, Apple is now wheeling out its biggest guns as it scrambles to defend its security record. Speaking to the Wall Street Journal, Apple CEO Tim Cook said that while his company wasn’t at fault, it would soon introduce additional security measures to defend against hackers:

“To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.”

The new security notifications are a positive development, but it may be too little too late for Apple. The timing is hardly fortuitous at a time when it’s eager to push its devices further into the enterprise – after all, if photos can be stolen so easily there’s no reason why contact information, emails, SMS messages and other data can’t also be be purloined with a simple iCloud backup.

Most likely the security scare will soon be drowned out by all the buzz surrounding the expected launch of the iPhone 6 later this week, and for Apple, faced with this level of ridicule, that day can’t come soon enough.

Image credit: Peter Ko via Wikimedia Commons