Ryan Collins, A Pennsylvania man has pleaded guilty to hacking celebrity iCloud accounts which allowed personal photos and videos to be published online. the 36-year-old Pennsylvania man faces up to five years in prison for the hack, which was often referred to as “The Fappening” and “Celebgate”.
Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims, according to the “factual basis of the plea agreement.” He sent his victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.
However, Collins didn’t actually publish the photos on 4Chan and Reddit himself, according to the DOJ:
After illegally accessing the e-mail accounts, Collins obtained personal information including nude photographs and videos, according to his plea agreement. In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups.
The charge against Collins stems from the investigation into the leaks of photographs of numerous female celebrities in September 2014 known as “Celebgate.” However, investigators have not uncovered any evidence linking Collins to the actual leaks or that Collins shared or uploaded the information he obtained.
Many of Collins’ victims were members of the entertainment industry in Los Angeles. By illegally accessing the e-mail accounts, Collins accessed at least 50 iCloud accounts and 72 Gmail accounts, most of which belonged to female celebrities.
Collins has been charged in Los Angeles, but the case will be transferred to Harrisburg, Pennsylvania so that he can enter his guilty plea. He will face a statutory maximum sentence of five years in federal prison, but the parties have agreed to recommend a prison term of 18 months. The DoJ stresses that the recommendation is not binding to the sentencing judge.
It’s unclear if Collins was connected to the two Chicago men who had their homes searched by the FBI in 2014 as part of its investigation into the iCloud hacks. However, the U.S. District Attorney’s Office told Gawker that Collins “is directly related to that investigation”.
Shortly after the breach occurred in September 2014, Apple conducted an investigation that revealed the accounts were compromised by weak passwords. The company then made several changes, adding email alerts when iCloud accounts are accessed on the web, app-specific passwords for third-party apps accessing iCloud and enabling two-factor authorization on iCloud.com.
Pennsylvania Man Behind Hacking Over 100 of Celebrity iCloud Accounts Pleads Guilty