New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Virginia Teacher Sentenced to 34 Months in Prison for 2014 Celebrity iCloud Hack

For his role in the 2014 iCloud hacks that saw many celebrity photos illicitly shared on the internet, former high school teacher Christopher Brannan has been sentenced to 34 months in prison, according to the U.S. Attorney's Office for the Eastern District of Virginia (via AppleInsider).

Brannan was charged with unauthorized access to a protected computer and aggravated identity theft. Court documents say that he accessed the iCloud, Yahoo, Facebook, and email accounts of more than 200 victims, both celebrities and non-celebrities.

He was able to obtain full iCloud backups, photographs, and other information using phishing email accounts that were designed to look like legitimate emails from Apple. He also hacked email accounts by answering security questions using data found on victims' Facebook accounts.

After obtaining Apple account information, Brannan would search for "sensitive and private photographs and videos, including nude photographs."

Brannan is one of multiple people who were found accessing and distributing celebrity photos in the 2014 attack. Ryan Collins, Edward Majerczyk, and Emilio Herrera, and George Garafano have previously been sentenced to prison terms ranging from eight months to 18 months.

When hundreds of nude celebrity photos began leaking on the internet in 2014 as part of what's now known as the "Celebgate" attack, there was initial speculation that iCloud had been hacked.

Following an investigation, however, Apple found that the accounts in question were compromised by weak passwords and skilled phishing attempts.

Apple has since implemented multiple changes to iCloud security, adding two-factor authentication to iCloud.com, introducing email alerts when an iCloud account is accessed either on the web or on another device, and requiring app-specific passwords for third-party apps that access iCloud.

Unfortunately, the kind of phishing emails that led to the 2014 celebrity leak are still widely used today, and phishing scammers have only gotten better at what they do.

To thwart phishing attempts, Apple maintains a support page with information on how to avoid fake support calls, phishing emails, and other scam techniques that malicious individuals employ to extract information from Apple users.

Those concerned about being the victim of a phishing attack should take measures to stay safe, including using two-factor authentication, getting a password manager like 1Password and using a unique password for each and every site, and avoiding suspicious phone calls and emails, even if they look like they come from Apple.



Top Rated Comments

(View all)

2 weeks ago
It was not a hack. You should know better, this is a tech website. We have a hard enough time correcting the misconception that iCloud was hacked (it wasn’t), we don’t need Macrumors reinforcing it.

This was social engineering, phishing celebrities into giving up their passwords voluntarily.
Rating: 28 Votes
2 weeks ago

Ah, yes. The “Fappening”!


I know, right? I'm not sure why the post called it "Celebgate". I've never heard it called that! It's always been "The Fappening".
Rating: 25 Votes
2 weeks ago
What a way to treat a national treasure.
Rating: 17 Votes
2 weeks ago
"...as part of what's now known as the "Celebgate" attack."

Stop trying to make "Celebgate" happen. It's not going to happen.
Rating: 17 Votes
2 weeks ago
Since when was it called Celebgate? I'm told the torrent file was called "The Fappening".
Rating: 17 Votes
2 weeks ago
There has never been a hack of iCloud period. The law requires any hacks be reported, none have, therefore iCloud is still the most secure cloud service in existence
[doublepost=1551468630][/doublepost]

If they're storing passwords correctly, how would they know that?


By asking the account owners during an investigation is the most likely answer
Rating: 16 Votes
2 weeks ago
Ah, yes. The “Fappening”!
Rating: 15 Votes
2 weeks ago
What the **** are these misogynistic comments on MR? His phishing BS was pure extortion that tarnished the reputation of prominent women by his posting of their private pictures in order to humiliate them. How he/the people who did this got the images does not matter + whether anyone decides to take potentially compromising pictures is their choice.

If anything, this case sets precedence for revenge porn and that is key here.
Rating: 11 Votes
2 weeks ago
He is a folk hero and leader of the Fappening, the William Wallace for lonely men everywhere.
Rating: 10 Votes
2 weeks ago
Glad he is going to prison. I am also glad that Apple initiated 2FA to help people be more secure with their account.
Rating: 8 Votes

[ Read All Comments ]