US authorties have arrested two men on suspicion of developing an app that enabled users to steal credentials to access accounts for the image-sharing site Photobucket.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The arrests reflect the “FBI’s commitment to investigate those who undertake activities such as this with the intent to harm a company and its customers”, said FBI Denver special agent in charge Thomas Ravenelle in a Department of Justice (DoJ) statement.
The privacy-breaking app allowed users to gain unauthorised access to private images and videos stored using the service for nearly two years between 12 July 2012 and 1 July 2014.
It is not known how many Photobucket members were affected by the breach, reports the BBC.
“The purpose of the conspiracy was for the conspirators to enrich themselves by selling passwords and unauthorised access to private and password-protected information, images, and videos on the internet, and by selling private and password-protected information, images and videos that the conspirators obtained from the internet,” according to the DoJ statement.
Read more about US action against cyber criminals
- A US journalist and self-styled spokesman for the hacking collective Anonymous has been sentenced to five years in jail
- The US is demonstrating strong resolve to act against cyber criminals in extraditing Vladimir Drinkman
- US authorities have jailed a cyber criminal for 20 years, for trading in stolen credit cards and identities
- The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures
If found guilty, Brandon Bourret, 39, of Colorado Springs, and Athanasios Andrianakis, 26, of Sunnyvale, California, face up to five years in jail and a fine of up to $250,000 for conspiracy.
They face one count of computer fraud, aiding and abetting, which also carries a penalty of up to five years in jail and a fine of up to $250,000.
Finally, they each face two counts of access device fraud, which carries a penalty of not more than 10 years in federal prison, and up to a $250,000 fine per count.
According to court documents, evidence against the pair includes customer support messages sent to users of the app and PayPal payment records.
The ability of law enforcement officers to trace payments through channels like PayPal has led in recent times to cyber criminals increasingly using bitcoin and other cryptocurrencies.
Photobucket chief technology officer Michael Clark congratulated US law enforcement officers for identifying the two suspects.
"We will continue to support the government's work and our users through this ongoing criminal investigation," he said in a statement.