Back in September 2014, nude photos of celebrities including those of award-winning actress Jennifer Lawrence, Kirsten Dunst, Rihanna, Kate Upton were leaked online. Apple’s iCloud service was blamed for the photos that were circulating in 4Chan’s /b/ thread (NSFW).
A 4chan user purportedly responsible for the original ‘hack’ revealed a master list of all celebrities that were hacked. Some forummers requested bitcoins and PayPal donations for access to explicit photos and videos of celebrities.
Actress Kirsten Dunst was also a victim of the alleged iCloud hack and she subsequently (sarcastically) thanked Apple in a tweet, “Thank you iCloud” with emoticons that translated into “piece of shit.”
Rihanna and Kim Kardashian later became victims of the heinous crime, as well.
The crime caught the attention of the FBI, who investigated the allegations of the hack and unlawful release of private material involving high profile people.
It looks like Apple is officially off the hook, though the company quickly patched a security hole in iCloud that could have allowed users to ‘brute force’ a user’s account password using a Python script, back when the leaks were reported.
Today, hacker Ryan Collins pleaded guilty to stealing nude photos – including those of Jennifer Lawrence – from Apple servers.
The FBI found the hack didn’t involve brute-forcing or password cracking, but instead via social engineering means, in the form of phishing.
Court documents revealed that Collins’ victims fell prey to phishing scams. The hacker allegedly sent emails to victims that appeared to come from Apple and Google. They ‘warned’ victims that their accounts were compromised and subsequently asking them for their login details. Alarmed, victims would then enter their password information.
After gaining access to email address details, he was able to download email, and gain access to other files and services such as iCloud.
Prosecutors found he accessed more than 120 different Gmail and iCloud accounts, most of which belonged to female celebrities, between 2012 to 2014. He is currently being tried for a “felony violation of the Computer Fraud and Abuse Act.” Collins will face a statutory maximum sentence of five years in federal prison.
Oddly, he isn’t being tried for uploading images online.
Investigations by the FBI is still ongoing.