Majerczyk was charged in a Los Angeles, California district court, but will enter his guilty plea in the Northern District of Illinois. He faces a statutory maximum sentence of five years in prison. Ryan Collins, a 36-year-old Pennsylvania man who was also involved in the iCloud attack known as "Celebgate," likewise entered into a plea agreement in March with a recommended sentence of 18 months in prison.
Between November 2013 and September 2014, Majerczyk and Collins engaged in a phishing scheme to obtain the iCloud and Gmail usernames and passwords of over 300 victims, including female celebrities, according to court documents. The perpetrators sent their victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.
Majerczyk and Collins used the credentials to illegally access accounts and extract private information, which included nude photographs and videos. In September 2014, hundreds of nude photos of celebrities were then leaked on online image board 4chan before spreading to multiple internet sites, but investigators have not yet been able to find any evidence that either of the men were directly behind the leak.
Shortly after the breach occurred, Apple conducted an investigation that revealed the accounts were compromised by weak passwords -- a Find My iPhone flaw may have also played a role. Apple then strengthened security by adding email alerts when iCloud accounts are accessed on the web, allowing app-specific passwords for third-party apps accessing iCloud, and enabling two-factor authentication on iCloud.com.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Article Link: Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty
