igor - Fotolia
US authorities say the man charged with hacking into Apple iCloud and Gmail accounts to copy nude photos and videos of celebrities is to plead guilty.
The 36-year-old Ryan Collins of Lancaster, Pennsylvania is accused of hacking into at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014.
He faces at least 18 months in jail, but that could be extended to five years, reports the BBC. He also faces up to $250,000 in fines, and might have to pay compensation to his victims.
Collins is believed to have gained access to the accounts by sending phishing emails to victims, that appeared to be requests from Apple and Google for their login details.
According to court documents the phishing emails were sent from several email addresses intended to trick recipients by appearing to be legitimate, such as: email@example.com and firstname.lastname@example.org.
Collins then used the login details provided to search for nude photographs, videos and other content of victims, which included celebrities such as Jennifer Lawrence, Kirsten Dunst and Ariana Grande.
In September 2014, some of the images were posted on web forums 4chan and Reddit, initially sparking unfounded fears that the security systems of Apple’s iCloud had been compromised.
Collins has reportedly not been charged in connection with the images being posted online.
Read more about two-factor authentication
- Apple introduces two-factor authentication for iCloud and other services to protect users from hackers trying to access their accounts.
- Swiss researchers propose a two-factor authentication system that does not require user interaction to help speed adoption of strong security.
- The web’s top brands implement two-factor authentication for consumer web authentication.
- It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises.
"Investigators have not uncovered any evidence linking Collins to the actual leaks or that Collins shared or uploaded the information he obtained," the US Justice Department said in a statement.
At the time, security commentators said the incident underlined the importance of using two-factor authentication for online accounts, to keep hackers out even if passwords are compromised.
Following the compromise of the celebrities’ iCloud accounts, Apple recommended users choose a strong password and enable two-factor authentication.
Apple also announced that it would alert users through email and push notifications when any changes to account settings were made.
David Bowdich, the assistant director in charge of the FBI's Los Angeles field office, said people from all walks of life continue to suffer the consequences of this crime.
The FBI strongly encourages users of internet-connected devices to strengthen passwords and to be sceptical when replying to emails asking for personal information, he said.
The FBI said the case against Collins is part of an "ongoing investigation", indicating that there may be further arrests, possibly related to the leaking of the images online.