The public release of the iDict tool, and subsequent test usage worldwide, suggests that all iCloud accounts are vulnerable to brute-force hacking.
The designer of the iDict tool claims that it can access any iCloud account given the email address associated with that account.
While its designer claims to have made the tool in order to alert Apple to a security flaw, directly informing Apple seems like the less dangerous way to accomplish that, rather than publicizing the flaw and publishing a tool to exploit it.
Either way, this represents the second major iCloud security story in six months, following the massive leak of celebrity photos last year. As a result, iCloud users may be left wondering if their files are safer elsewhere.
According to the publisher of the iDict tool, Apple has patched the issue.