Third Defendant Charged in iCloud “Celebgate” Scandal That Leaked Private Photos of Hollywood Stars
A third person has agreed to plead guilty to hacking over 550 computers in the 2014 iCloud hack that exposed private photos of dozens of celebrities. Emilio Herrera from Chicago is expected to plead guilty to a violation of the Computer Fraud and Abuse Act, facing a maximum sentence of five years in federal prison.
The FBI had launched an investigation back in 2014 after nude photos of a number of celebrities - mostly female - were leaked online after their iCloud accounts were breached. The so-called Celebgate scandal hit some of the biggest Hollywood stars, including the likes of Jennifer Lawrence, Kate Upton and Kim Kardashian.
A year and half into the investigation, the US Department of Justice (DoJ) first charged Ryan Collins, a Pennsylvania man with the Computer Fraud and Abuse Act. Ryan Collins had managed to access over 50 iCloud and 72 Gmail accounts in a phishing scheme that he ran from November 2012 until September 2014, giving him usernames and passwords for his victims. Following Collins' arrest, the FBI had named a second suspect, Edward Majerczyk from Chicago, who pleaded guilty to felony computer hacking charges and was sentenced to nine months in prison. Majerczyk was also ordered to pay $5,700 to an unnamed victim.
Herrera finally faces charges after years of investigation into 2014 iCloud hack of celebrity accounts
Now, Herrera who was first identified as a suspect responsible for the hack last year has agreed to plead guilty to the charges (via Deadline). Similar to the other two, Herrera had also sent phishing emails to dupe victims into giving up their details.
Between May 31, 2013, and August 31, 2014, his [Herrera's] IP address “was used to access approximately 572 unique iCloud accounts,” and “in total, the unique iCloud accounts were accessed 3,263 times.”
So far no evidence links Herrera to the actual leak of the explicit celebrity images, as he has been only charged for running the phishing campaign, not for leaking the data. Reports in 2016 had suggested that it was possible that Herrera was completely unaware that his computer was being used as a scapegoat by hackers.
The 2014 iCloud hack is perhaps one of the most opaque cases as details have always remained scarce. It was believed that a combination of poor passwords, lack of 2 factor authentication, and a security vulnerability in Apple's Find My iPhone feature had enabled mass collection of data by these hackers. The investigation has also taken a long time despite FBI having named these three suspects nearly two years ago. Now, all three defendants from Illinois and Pennsylvania have been charged, facing less than 18 months in federal prison.