Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Jul 4, 2016.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Edward Majerczyk, a 28-year-old Chicago man who played a role in the phishing of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, according to court documents made public on Friday.

    Majerczyk was charged in a Los Angeles, California district court, but will enter his guilty plea in the Northern District of Illinois. He faces a statutory maximum sentence of five years in prison. Ryan Collins, a 36-year-old Pennsylvania man who was also involved in the iCloud attack known as "Celebgate," likewise entered into a plea agreement in March with a recommended sentence of 18 months in prison.

    Between November 2013 and September 2014, Majerczyk and Collins engaged in a phishing scheme to obtain the iCloud and Gmail usernames and passwords of over 300 victims, including female celebrities, according to court documents. The perpetrators sent their victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.

    Majerczyk and Collins used the credentials to illegally access accounts and extract private information, which included nude photographs and videos. In September 2014, hundreds of nude photos of celebrities were then leaked on online image board 4chan before spreading to multiple internet sites, but investigators have not yet been able to find any evidence that either of the men were directly behind the leak.

    Shortly after the breach occurred, Apple conducted an investigation that revealed the accounts were compromised by weak passwords -- a Find My iPhone flaw may have also played a role. Apple then strengthened security by adding email alerts when iCloud accounts are accessed on the web, allowing app-specific passwords for third-party apps accessing iCloud, and enabling two-factor authentication on

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty
  2. HowEver macrumors 6502a


    May 10, 2005
    The accounts were not "hacked." They were either phished or they guessed at their secondary information and got access. Not an "iCloud hack" at all. Update the headline.
  3. thekeyring macrumors 68040

    Jan 5, 2012
    They weren't hacked... 9to5Mac reported this correctly.
  4. vertsix macrumors 65816


    Aug 12, 2015

    Clickbaity title yet again from MacRumors. Lovely.
  5. LordQ Suspended


    Sep 22, 2012
    Fixed the scandal name for you.
  6. dannyyankou macrumors G3


    Mar 2, 2012
    Scarsdale, NY
    Don't click on emails claiming to be from Apple to reset your password.
  7. Oblivious.Robot macrumors 6502a


    Sep 15, 2014
    As bad as that was, I do feel the silver lining was that we got a beefed up security update to iCloud.
  8. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    so did MR :) one lead just follows another here.

    Too many instants of services getting "hacked" with weak passwords.. I would understand a "hack" only that would relate if these accounts had strong passwords only, but not weak. I guess most of it it centered around Find my iPhone issue?

    Don't click on HTML links in email period...

    Instead use "Plain text" to view... While it looks ugly, as least u can see everything for how it is, not how it's not.
  9. Joe Rossignol Editor

    Joe Rossignol

    Staff Member

    May 12, 2012
    Fair enough. Headline has been updated.
  10. thermodynamic Suspended


    May 3, 2009
    Or other media sources that use the same baiting - which is just about all of them or is it stereotyping to suggest that?

    Most people know that. All do not. Why not? Are there better ways the message can get sent across? Like at a cash register or payment slip in big letters? /freeR&D
  11. dannyyankou macrumors G3


    Mar 2, 2012
    Scarsdale, NY
    It does technically fit the definition of hacking though.
    It's just not Apple's fault.
  12. JonneyGee macrumors 6502


    Jun 8, 2011
    Nashville, TN
    Definitely check URLs before you click any email link, especially related to passwords. Some services do use email to reset passwords, but it's not too hard to verify the legitimacy of such emails — check the URL, check the sender's email address, etc.
  13. EricTheHalfBee Suspended

    Mar 10, 2013
    Can't upvote this enough. When this first came out, that loser wannabe hacker uploaded his kiddie script to Github with the claim that it brute forced iCloud passwords. Everyone (well, not everyone - only the Apple haters/trolls who know nothing about security believed this guy) linked this fool and his tool to iCloud and claimed it was what hackers used to brute force iCloud.

    Then a bunch of security researchers and tech blogs downloaded this tool and ran it and promptly found out it didn't work. The guy responds by saying "well it used to work, Apple must have fixed it". And with that simple lie, suddenly people actually thought his script worked and that Apple actually issued a fix. Never mind that he couldn't provide any proof. He pulls off one of the biggest hacks ever, and doesn't even bother to document anything to prove it worked. We're supposed to just take his word.

    And to this day you still have a legion of idiots believing iCloud was hacked/brute forced when in reality it was just plain old phishing and password resets.
  14. maxsix Suspended


    Jun 28, 2015
    Western Hemisphere
    You can thank the sensational liberal media for that. They'll write anything to grab attention. Facts are a nuisance in their world.
  15. LIVEFRMNYC macrumors 604

    Oct 27, 2009
    Well you can call it "people hacking".
  16. aaronvan Suspended


    Dec 21, 2011
    República Cascadia
    Of course they were hacked. I'm sure Lindsey Lohan and Taylor Swift double salt hash their passwords and enable two-factor authentication.
  17. ncbetz macrumors 6502


    Jan 9, 2016
    Texas, USA
    Why does this matter?
  18. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    so the definition is more fun than the article ? ok ,,duly noted.
  19. EricTheHalfBee Suspended

    Mar 10, 2013
    We can also thank them for mentioning iCloud at every turn while leaving out the fact that Gmail accounts were also phished (at least MR did point out that this individual was sentenced for both iCloud and Gmail accounts). But most people think this was an "iCloud ONLY" thing.
  20. SpiderDude macrumors regular


    Jan 29, 2008
    Portugal, Europe
  21. dontwalkhand macrumors 603


    Jul 5, 2007
    Phoenix, AZ
    While I know some celebrities are tech savvy, I doubt Kim kardashian would know how to put her iPhone in plain text view and look at the html code to see if it's a legitimate email from Apple.

    Most of these celebs probably saw the email from Apple, and clicked it.
    --- Post Merged, Jul 4, 2016 ---
    Taylor Swift actually is pretty tech savvy, watching some documentaries.

    Lindsey Lohan on the other hand, her password was probably "puppies"! With no Touch ID setup on her phone! LOL!
  22. Zirel Suspended


    Jul 24, 2015
    Taylor Swift and Lindsay Lohan aren't, as far as I know, backend developers to salt the hash of their passwords.

    And double salting is just useless.
  23. macs4nw macrumors 601


    Perhaps as opposed to "male celebrities", whose accounts were not phished? Juicing the story up a bit, granted.....
  24. Gasu E. macrumors 601

    Gasu E.

    Mar 20, 2004
    Not far from Boston, MA.

    Hollywood stars make a good target, because they are very busy, and get zillions of messages and emails. While exhibiting click discipline may seem trivial to us normal people, try imagining what it would be like if you were, quite literally, 10,000 times as popular as you are now.
  25. fourthtunz macrumors 65816


    Jul 23, 2002
    wow 5 years in prison for this?
    This country loves to throw people in prison!
    Lots of money in the prison system, too much tax money being spent!

Share This Page

92 July 4, 2016