Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
69,513
40,651



iCloud_Alt.jpg
For his role in the 2014 iCloud hacks that saw many celebrity photos illicitly shared on the internet, former high school teacher Christopher Brannan has been sentenced to 34 months in prison, according to the U.S. Attorney's Office for the Eastern District of Virginia (via AppleInsider).

Brannan was charged with unauthorized access to a protected computer and aggravated identity theft. Court documents say that he accessed the iCloud, Yahoo, Facebook, and email accounts of more than 200 victims, both celebrities and non-celebrities.

He was able to obtain full iCloud backups, photographs, and other information using phishing email accounts that were designed to look like legitimate emails from Apple. He also hacked email accounts by answering security questions using data found on victims' Facebook accounts.

After obtaining Apple account information, Brannan would search for "sensitive and private photographs and videos, including nude photographs."

Brannan is one of multiple people who were found accessing and distributing celebrity photos in the 2014 attack. Ryan Collins, Edward Majerczyk, and Emilio Herrera, and George Garafano have previously been sentenced to prison terms ranging from eight months to 18 months.

When hundreds of nude celebrity photos began leaking on the internet in 2014 as part of what's now known as the "Celebgate" attack, there was initial speculation that iCloud had been hacked.

Following an investigation, however, Apple found that the accounts in question were compromised by weak passwords and skilled phishing attempts.

Apple has since implemented multiple changes to iCloud security, adding two-factor authentication to iCloud.com, introducing email alerts when an iCloud account is accessed either on the web or on another device, and requiring app-specific passwords for third-party apps that access iCloud.

Unfortunately, the kind of phishing emails that led to the 2014 celebrity leak are still widely used today, and phishing scammers have only gotten better at what they do.

To thwart phishing attempts, Apple maintains a support page with information on how to avoid fake support calls, phishing emails, and other scam techniques that malicious individuals employ to extract information from Apple users.

Those concerned about being the victim of a phishing attack should take measures to stay safe, including using two-factor authentication, getting a password manager like 1Password and using a unique password for each and every site, and avoiding suspicious phone calls and emails, even if they look like they come from Apple.

Article Link: Virginia Teacher Sentenced to 34 Months in Prison for 2014 Celebrity iCloud Hack
 
There has never been a hack of iCloud period. The law requires any hacks be reported, none have, therefore iCloud is still the most secure cloud service in existence
[doublepost=1551468630][/doublepost]
If they're storing passwords correctly, how would they know that?

By asking the account owners during an investigation is the most likely answer
 
Pretty weak security measures when a high school teacher can breach them. It's the breach that keeps on giving since once it's on the internet it's there forever with no way to remove.
 
Pretty weak security measures when a high school teacher can breach them. It's the breach that keeps on giving since once it's on the internet it's there forever with no way to remove.
No amount of security is going to get around people handing someone their password. Social engineering is not a “hack”.
 
It was not a hack. You should know better, this is a tech website. We have a hard enough time correcting the misconception that iCloud was hacked (it wasn’t), we don’t need Macrumors reinforcing it.

This was social engineering, phishing celebrities into giving up their passwords voluntarily.
 
It was not a hack. You should know better, this is a tech website. We have a hard enough time correcting the misconception that iCloud was hacked (it wasn’t), we don’t need Macrumors reinforcing it.

This was social engineering, phishing celebrities into giving up their passwords voluntarily.

Yup, poor form MR. This mislabeling could be excused from the likes of Bloomberg tech “reporting”, but MR is supposed to be a bit more tech savvy.
 
  • Like
Reactions: rhett7660 and CarlJ
"Celebgate?" That wasn't the term I heard. I guess what I heard probably isn't G-rated though.

Edit to add: looking at comments above I see I'm not the only one who heard that other name.

Edit 2: really disappointing to see so many comments about "hero" when someone exposed intimate images of strangers. Celebrity or not, no one deserves that.
 
It was not a hack. You should know better, this is a tech website. We have a hard enough time correcting the misconception that iCloud was hacked (it wasn’t), we don’t need Macrumors reinforcing it.

This was social engineering, phishing celebrities into giving up their passwords voluntarily.
You are peeing up a virtual rope trying to get that perception corrected. It is emblazoned on the social consciousness as the iCloud hack. It is what it is. You'd have no more success than I would telling certain Apple fans Google doesn't sell your data. By the time I get to "...ad space based on anon-...", nothing but the proverbial 1000 yard stare ← metaphorical
Google sells data and iCloud was hacked. Whaddayagonnado. ¯\_(ツ)_/¯
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.