Connecticut man George Garafano has been sentenced to eight months in prison for his role in the 2014 iCloud hacks that saw many celebrity photos illicitly shared on the internet.
Garafano was accused of hacking the iCloud accounts of more than 200 people over the course of 18 months, including multiple celebrities.
According to the Hartford Courant, a federal judge in Connecticut ordered the eight month prison term, which will be followed by three years of supervision after release.
Garafano in April pleaded guilty to sending phishing emails to his victims posing as a member of Apple's online security team to obtain usernames and passwords. During the case, prosecutors said he traded the photos that he stole with other hackers and may have sold some of them to earn extra income.
Prosecutors had argued that Garafano should serve 10 to 16 months in prison, while Garafano asked for a more lenient sentence of five months in prison followed by five months in home confinement.
Garafano, who was in college at the time, says he has already suffered for his role in the 2014 hacking event and has "cleaned up his act" since the hacking occurred.
There were a total of four people charged with breaking into the iCloud accounts of celebrities, including Ryan Collins, Edward Majerczyk, and Emilio Herrera, along with Garafano. The other hackers have already been sentenced to prison terms ranging from nine months to 18 months.
When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords.
Apple has since made improvements to its iCloud security by adding two-factor authentication to iCloud.com, introducing email alerts when an iCloud account is accessed on the web, and requiring app-specific passwords for third-party apps that access iCloud.
Top Rated Comments
When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords ('https://www.macrumors.com/2014/09/02/apple-no-celebrity-icloud-breach/').
Hack implies Apple’s servers were compromised. There’s a big difference between that and people getting scammed.
And PSA for celebrities: don't store your naked pictures in the cloud.
Don’t know what’s up with that.
“Prosecutors said in court documents that between November 2012 and September 2014, Collins "knowingly, intentionally, and in furtherance of criminal and tortious acts" accessed at least 50 Apple iCloud accounts and about 72 Google Gmail accounts belonging to more than 100 people. “