Many feel that the event now commonly known as The Fappening occurred as a result of a breach in iCloud security, but Apple has repeatedly refuted those claims and said that, “none of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.” A report from Daily Dot, however, suggests that Apple may actually have known a lot more than they were letting on.

In March of 2014, emails exchanged between London-based computer programmer Ibrahim Balic and Apple indicate that Balic had discovered a significant hole in the iCloud’s security, making it possible for him to infiltrate other users’ accounts. Basically, Balic discovered that Apple was not limiting the number of login attempts to a given account. That meant that Balic was able to try over 20,000 password combinations without ever being locked out, enough tries to successfully gain access to nearly any account.

Apple failed to take any action on Balic’s concerns, which he voiced to the company both via email and via their bug reporting module on the Apple website. While it’s unknown if this was the same tactic used to obtain celebrities like Jennifer Lawrence and Kate Upton’s nude photos, it very well could be. And even if it isn’t, it’s a little alarming that Apple would ignore so glaring a flaw in their iCloud system until something went disastrously awry.

[via Daily Dot]