Brian Jackson - Fotolia
A second US man has pleaded guilty to gaining authorised access to celebrity iCloud and Gmail accounts and stealing nude images that were leaked online in 2014.
Edward Majerczyk (28) of Chicago, Ilinois used similar methods as Ryan Collins (36) of Lancaster, Pennsylvania, but US authorities have not made any connections between the two men.
Although both used phishing emails to trick celebrities into divulging their passwords, neither have been linked to leaking stolen private images and videos online.
Police investigations into the online leaks that involved more than 100 celebrities, including Rihanna and Jennifer Lawrence, led to the arrest of Majerczyk and Collins.
Collins targeted victims with emails that appeared to come from Apple and Google to get their log-in details, while Majerczyk’s sent messages that looked like security warnings from internet service providers that tricked victims into visiting malicious websites designed to steal log-in information.
Collins is believed to have accessed at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014.
Majerczyk is believed to have stolen the log-in credentials more than 300 Apple iCloud and Gmail accounts between November 2013 and August 2014, including those of around 30 celebrities, according to a statement by the US Attorney’s Office.
“Hacking of online accounts to steal personal information is not merely an intrusion of an individual’s privacy but is a serious violation of federal law,” said US Attorney Eileen Decker. “Defendant’s conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers.”
Read more about two-factor authentication
- Apple introduces two-factor authentication for iCloud and other services to protect users from hackers trying to access their accounts.
- Swiss researchers propose a two-factor authentication system that does not require user interaction to help speed adoption of strong security.
- The web’s top brands implement two-factor authentication for consumer web authentication.
- It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises.
Both Majerczyk and Collins – who pleaded guilty in March 2016 – could face up to five years in jail. They also face a fine of up to $250,000 and may have to pay compensation to their victims.
When the images were leaked online, security commentators said the incident underlined the importance of using two-factor authentication for online accounts, which will help keep hackers out even if passwords are compromised.
Following the compromise of the celebrities’ iCloud accounts, Apple recommended users choose a strong password and enable two-factor authentication. Apple also announced that it would alert users through email and push notifications when any changes to account settings were made.