Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,713
10,127



Edward Majerczyk, a 28-year-old Chicago man who played a role in the phishing of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, according to court documents made public on Friday.

Majerczyk was charged in a Los Angeles, California district court, but will enter his guilty plea in the Northern District of Illinois. He faces a statutory maximum sentence of five years in prison. Ryan Collins, a 36-year-old Pennsylvania man who was also involved in the iCloud attack known as "Celebgate," likewise entered into a plea agreement in March with a recommended sentence of 18 months in prison.

Between November 2013 and September 2014, Majerczyk and Collins engaged in a phishing scheme to obtain the iCloud and Gmail usernames and passwords of over 300 victims, including female celebrities, according to court documents. The perpetrators sent their victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.

Majerczyk and Collins used the credentials to illegally access accounts and extract private information, which included nude photographs and videos. In September 2014, hundreds of nude photos of celebrities were then leaked on online image board 4chan before spreading to multiple internet sites, but investigators have not yet been able to find any evidence that either of the men were directly behind the leak.

Shortly after the breach occurred, Apple conducted an investigation that revealed the accounts were compromised by weak passwords -- a Find My iPhone flaw may have also played a role. Apple then strengthened security by adding email alerts when iCloud accounts are accessed on the web, allowing app-specific passwords for third-party apps accessing iCloud, and enabling two-factor authentication on iCloud.com.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty
 
  • Like
Reactions: Sunny1990

Tech198

macrumors G5
Mar 21, 2011
14,833
1,899
Australia, Perth
They weren't hacked... 9to5Mac reported this correctly.
so did MR :) one lead just follows another here.

Too many instants of services getting "hacked" with weak passwords.. I would understand a "hack" only that would relate if these accounts had strong passwords only, but not weak. I guess most of it it centered around Find my iPhone issue?

Don't click on emails claiming to be from Apple to reset your password.
Don't click on HTML links in email period...

Instead use "Plain text" to view... While it looks ugly, as least u can see everything for how it is, not how it's not.
 

Joe Rossignol

Editor
Staff member
May 12, 2012
632
1,797
Toronto

thermodynamic

Suspended
May 3, 2009
1,340
1,192
USA
"Hacked".

Clickbaity title yet again from MacRumors. Lovely.
Or other media sources that use the same baiting - which is just about all of them or is it stereotyping to suggest that?

Don't click on emails claiming to be from Apple to reset your password.
Most people know that. All do not. Why not? Are there better ways the message can get sent across? Like at a cash register or payment slip in big letters? /freeR&D
 

JonneyGee

macrumors 6502
Jun 8, 2011
348
1,208
Nashville, TN
Don't click on emails claiming to be from Apple to reset your password.
Definitely check URLs before you click any email link, especially related to passwords. Some services do use email to reset passwords, but it's not too hard to verify the legitimacy of such emails — check the URL, check the sender's email address, etc.
 
  • Like
Reactions: jezbd1997

EricTheHalfBee

Suspended
Mar 10, 2013
467
739
The accounts were not "hacked." They were either phished or they guessed at their secondary information and got access. Not an "iCloud hack" at all. Update the headline.
Can't upvote this enough. When this first came out, that loser wannabe hacker uploaded his kiddie script to Github with the claim that it brute forced iCloud passwords. Everyone (well, not everyone - only the Apple haters/trolls who know nothing about security believed this guy) linked this fool and his tool to iCloud and claimed it was what hackers used to brute force iCloud.

Then a bunch of security researchers and tech blogs downloaded this tool and ran it and promptly found out it didn't work. The guy responds by saying "well it used to work, Apple must have fixed it". And with that simple lie, suddenly people actually thought his script worked and that Apple actually issued a fix. Never mind that he couldn't provide any proof. He pulls off one of the biggest hacks ever, and doesn't even bother to document anything to prove it worked. We're supposed to just take his word.

And to this day you still have a legion of idiots believing iCloud was hacked/brute forced when in reality it was just plain old phishing and password resets.
 

EricTheHalfBee

Suspended
Mar 10, 2013
467
739
You can thank the sensational liberal media for that. They'll write anything to grab attention. Facts are a nuisance in their world.
We can also thank them for mentioning iCloud at every turn while leaving out the fact that Gmail accounts were also phished (at least MR did point out that this individual was sentenced for both iCloud and Gmail accounts). But most people think this was an "iCloud ONLY" thing.
 

SpiderDude

macrumors regular
Jan 29, 2008
224
320
Portugal, Europe

dontwalkhand

macrumors 603
Jul 5, 2007
5,378
1,479
so did MR :) one lead just follows another here.

Too many instants of services getting "hacked" with weak passwords.. I would understand a "hack" only that would relate if these accounts had strong passwords only, but not weak. I guess most of it it centered around Find my iPhone issue?



Don't click on HTML links in email period...

Instead use "Plain text" to view... While it looks ugly, as least u can see everything for how it is, not how it's not.
While I know some celebrities are tech savvy, I doubt Kim kardashian would know how to put her iPhone in plain text view and look at the html code to see if it's a legitimate email from Apple.

Most of these celebs probably saw the email from Apple, and clicked it.
[doublepost=1467649130][/doublepost]
Of course they were hacked. I'm sure Lindsey Lohan and Taylor Swift double salt hash their passwords and enable two-factor authentication.
Taylor Swift actually is pretty tech savvy, watching some documentaries.

Lindsey Lohan on the other hand, her password was probably "puppies"! With no Touch ID setup on her phone! LOL!
 
  • Like
Reactions: satcomer

Zirel

Suspended
Jul 24, 2015
2,196
3,008
Of course they were hacked. I'm sure Lindsey Lohan and Taylor Swift double salt hash their passwords and enable two-factor authentication.
Taylor Swift and Lindsay Lohan aren't, as far as I know, backend developers to salt the hash of their passwords.

And double salting is just useless.
 
  • Like
Reactions: Alenore

Gasu E.

macrumors 601
Mar 20, 2004
4,578
2,550
Not far from Boston, MA.
Or other media sources that use the same baiting - which is just about all of them or is it stereotyping to suggest that?



Most people know that. All do not. Why not? Are there better ways the message can get sent across? Like at a cash register or payment slip in big letters? /freeR&D

Hollywood stars make a good target, because they are very busy, and get zillions of messages and emails. While exhibiting click discipline may seem trivial to us normal people, try imagining what it would be like if you were, quite literally, 10,000 times as popular as you are now.
 
  • Like
Reactions: ike1707

fourthtunz

macrumors 65816
Jul 23, 2002
1,187
653
Maine
wow 5 years in prison for this?
This country loves to throw people in prison!
Lots of money in the prison system, too much tax money being spent!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.