New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Connecticut Man Sent to Prison for 2014 Celebrity iCloud Hack

Connecticut man George Garafano has been sentenced to eight months in prison for his role in the 2014 iCloud hacks that saw many celebrity photos illicitly shared on the internet.

Garafano was accused of hacking the iCloud accounts of more than 200 people over the course of 18 months, including multiple celebrities.

According to the Hartford Courant, a federal judge in Connecticut ordered the eight month prison term, which will be followed by three years of supervision after release.

Garafano in April pleaded guilty to sending phishing emails to his victims posing as a member of Apple's online security team to obtain usernames and passwords. During the case, prosecutors said he traded the photos that he stole with other hackers and may have sold some of them to earn extra income.

Prosecutors had argued that Garafano should serve 10 to 16 months in prison, while Garafano asked for a more lenient sentence of five months in prison followed by five months in home confinement.

Garafano, who was in college at the time, says he has already suffered for his role in the 2014 hacking event and has "cleaned up his act" since the hacking occurred.

There were a total of four people charged with breaking into the iCloud accounts of celebrities, including Ryan Collins, Edward Majerczyk, and Emilio Herrera, along with Garafano. The other hackers have already been sentenced to prison terms ranging from nine months to 18 months.

When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords.

Apple has since made improvements to its iCloud security by adding two-factor authentication to iCloud.com, introducing email alerts when an iCloud account is accessed on the web, and requiring app-specific passwords for third-party apps that access iCloud.


Top Rated Comments

(View all)

15 weeks ago
Why is this called a hack when these people gave them their password. This is why anti-Apple people still try to blame Apple saying they were hacked and leaked the pictures.
Rating: 40 Votes
15 weeks ago
anyway the title says “hack” but it was phishing

When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords ('https://www.macrumors.com/2014/09/02/apple-no-celebrity-icloud-breach/').
Rating: 22 Votes
15 weeks ago
MR, please, this isn’t a hack. I know the title will get more visits, but if you use the same password for every account and answer every applelegit@maybenot.com email with your personal details, that’s phishing.

Hack implies Apple’s servers were compromised. There’s a big difference between that and people getting scammed.
Rating: 14 Votes
15 weeks ago
Phishing and social engineering attacks will always succeed in some measure because people are always the weakest links in security.
Rating: 14 Votes
15 weeks ago
I feel like 8 months in prison is kind of harsh for getting dumb people to hand over a password.

And PSA for celebrities: don't store your naked pictures in the cloud.
Rating: 11 Votes
15 weeks ago
They never mention google or gmail.
Don’t know what’s up with that.

“Prosecutors said in court documents that between November 2012 and September 2014, Collins "knowingly, intentionally, and in furtherance of criminal and tortious acts" accessed at least 50 Apple iCloud accounts and about 72 Google Gmail accounts belonging to more than 100 people. “
Rating: 10 Votes
15 weeks ago

I feel like 8 months in prison is kind of harsh for getting dumb people to hand over a password.

It wasn't so much for tricking someone into giving them their password, it was for what they then did with those passwords - accessing an account that didn't belong to them, downloading someone else's clearly very private files, then widely distributing those files on the internet, and screwing over a bunch of people's lives (at least for a while). I don't see some prison time as being especially harsh.
Rating: 10 Votes
15 weeks ago

Why is this called a hack when these people gave them their password. This is why anti-Apple people still try to blame Apple saying they were hacked and leaked the pictures.

I came to this thread...

anyway the title says “hack” but it was phishing

When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords ('https://www.macrumors.com/2014/09/02/apple-no-celebrity-icloud-breach/').

... for these and am thankful I will not leave...

They never mention google or gmail.
Don’t know what’s up with that.

“Prosecutors said in court documents that between November 2012 and September 2014, Collins "knowingly, intentionally, and in furtherance of criminal and tortious acts" accessed at least 50 Apple iCloud accounts and about 72 Google Gmail accounts belonging to more than 100 people. “

disappointed. You guys have to know that your protestations fall on deaf ears every time. Always have, always will. This little saga in internet history will forever more be known as the celebrity iCloud hack. No amount of hand waving, or wringing for that matter, is going to change that. That windmill ain't gonna tumble.
Rating: 7 Votes
15 weeks ago

Send phishing email to over 200 celebrities, violating their privacy and likely making tons of cash in the process: 8 months prison

Get caught with several grams of dab oil: 2 to 10 years prison

</boggle>


Loot billions of people off their investments: more bonus, private aircraft etc.
Rating: 7 Votes
15 weeks ago
Weak sentence.
Rating: 6 Votes

[ Read All Comments ]