New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty

icloud_icon_blueEdward Majerczyk, a 28-year-old Chicago man who played a role in the phishing of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, according to court documents made public on Friday.

Majerczyk was charged in a Los Angeles, California district court, but will enter his guilty plea in the Northern District of Illinois. He faces a statutory maximum sentence of five years in prison. Ryan Collins, a 36-year-old Pennsylvania man who was also involved in the iCloud attack known as "Celebgate," likewise entered into a plea agreement in March with a recommended sentence of 18 months in prison.

Between November 2013 and September 2014, Majerczyk and Collins engaged in a phishing scheme to obtain the iCloud and Gmail usernames and passwords of over 300 victims, including female celebrities, according to court documents. The perpetrators sent their victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.

Majerczyk and Collins used the credentials to illegally access accounts and extract private information, which included nude photographs and videos. In September 2014, hundreds of nude photos of celebrities were then leaked on online image board 4chan before spreading to multiple internet sites, but investigators have not yet been able to find any evidence that either of the men were directly behind the leak.

Shortly after the breach occurred, Apple conducted an investigation that revealed the accounts were compromised by weak passwords -- a Find My iPhone flaw may have also played a role. Apple then strengthened security by adding email alerts when iCloud accounts are accessed on the web, allowing app-specific passwords for third-party apps accessing iCloud, and enabling two-factor authentication on iCloud.com.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.



Top Rated Comments

(View all)

40 months ago
The accounts were not "hacked." They were either phished or they guessed at their secondary information and got access. Not an "iCloud hack" at all. Update the headline.
Rating: 46 Votes
40 months ago

He faces a statutory maximum sentence of five years in prison. Ryan Collins, a 36-year-old Pennsylvania man who was also involved in the iCloud attack known as "The Fappening," likewise entered into a plea agreement in March ('https://www.macrumors.com/2016/03/15/man-behind-icloud-hack-guilty/') with a recommended sentence of 18 months in prison.

Fixed the scandal name for you.
Rating: 34 Votes
40 months ago
They weren't hacked... 9to5Mac reported this correctly.
Rating: 20 Votes
40 months ago

The accounts were not "hacked." They were either phished or they guessed at their secondary information and got access. Not an "iCloud hack" at all. Update the headline.


They weren't hacked... 9to5Mac reported this correctly.


"Hacked".

Clickbaity title yet again from MacRumors. Lovely.


Fair enough. Headline has been updated.
Rating: 20 Votes
40 months ago
"Hacked".

Clickbaity title yet again from MacRumors. Lovely.
Rating: 17 Votes
40 months ago
As bad as that was, I do feel the silver lining was that we got a beefed up security update to iCloud.
Rating: 10 Votes
40 months ago

The accounts were not "hacked." They were either phished or they guessed at their secondary information and got access. Not an "iCloud hack" at all. Update the headline.


Can't upvote this enough. When this first came out, that loser wannabe hacker uploaded his kiddie script to Github with the claim that it brute forced iCloud passwords. Everyone (well, not everyone - only the Apple haters/trolls who know nothing about security believed this guy) linked this fool and his tool to iCloud and claimed it was what hackers used to brute force iCloud.

Then a bunch of security researchers and tech blogs downloaded this tool and ran it and promptly found out it didn't work. The guy responds by saying "well it used to work, Apple must have fixed it". And with that simple lie, suddenly people actually thought his script worked and that Apple actually issued a fix. Never mind that he couldn't provide any proof. He pulls off one of the biggest hacks ever, and doesn't even bother to document anything to prove it worked. We're supposed to just take his word.

And to this day you still have a legion of idiots believing iCloud was hacked/brute forced when in reality it was just plain old phishing and password resets.
Rating: 9 Votes
40 months ago


And to this day you still have a legion of idiots believing iCloud was hacked/brute forced when in reality it was just plain old phishing and password resets.

You can thank the sensational liberal media for that. They'll write anything to grab attention. Facts are a nuisance in their world.
Rating: 8 Votes
40 months ago
Don't click on emails claiming to be from Apple to reset your password.
Rating: 7 Votes
40 months ago
How is this political topic?
Rating: 7 Votes

[ Read All Comments ]