nito - Fotolia
US authorities have jailed a Lancaster, Pennsylvania man for 18 months for hacking into Apple iCloud and Gmail accounts to copy nude photos and videos of celebrities.
The 36-year-old man, Ryan Collins, is believed to have hacked into at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014.
He had faced up to five years in jail and a $250,000 fine, but received a lighter sentence in exchange for his guilty plea.
Collins pleaded guilty to hacking into accounts belonging to several celebrities, including Jennifer Lawrence, Kate Upton, Rihanna and Avril Lavigne.
He conducted a phishing scheme to trick victims into giving him their log-in credentials by sending emails that appeared to be from Apple or Google.
Collins used the credentials to access accounts to steal nude photographs and videos from the accounts belonging to female celebrities.
“In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups,” the US Attorney’s office said in a statement. “In addition, Collins ran a modelling scam in which he tricked his victims into sending him nude photographs.”
However, investigators said they did not find evidence linking Collins to the so-called “Celebgate” or “Fappening” leak of nude celebrity photographs in 2014.
Read more about two-factor authentication
- Apple introduces two-factor authentication for iCloud and other services to protect users from hackers trying to access their accounts.
- Swiss researchers propose a two-factor authentication system that does not require user interaction to help speed adoption of strong security.
- The web’s top brands implement two-factor authentication for consumer web authentication.
- It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises.
In July 2016, another hacker, 28-year-old Edward Majerczyk of Chicago, Illinois, also pleaded guilty to gaining authorised access to celebrity iCloud and Gmail accounts and stealing nude images that were leaked online in 2014.
Majerczyk is believed to have stolen the log-in credentials for more than 300 Apple iCloud and Gmail accounts between November 2013 and August 2014, including those of around 30 celebrities, according to a statement by the US Attorney’s Office.
Although Majerczyk used similar methods as Collins, US authorities have not made any connections between the two men and neither have been linked to leaking stolen private images and videos online.
Following the compromise of the celebrities’ iCloud accounts, Apple recommended users choose a strong password and enable two-factor authentication. Apple also announced that it would alert users through email and push notifications when any changes to account settings were made.
At the time of the leaks, Apple strongly defended its security of its iCloud services, and subsequently found that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions.
“None of the cases we have investigated have resulted from any breach in any of Apple’s systems, including iCloud or Find my iPhone,” the company said.