A second person has pleaded guilty in connection with the iCloud “celebgate” attack in 2014. 28-year-old Edward Majerczyk, from Chicago, has entered into a plea deal that sees him plea guilty to violating the Computer Fraud and Abuse Act. Majerczyk will face a maximum sentence of five years in prison.
Majerczyk worked with Ryan Collins, a 36-year-old from Pennsylvania, to steal the photos. They sent the victims emails claiming that they were from Apple and Google, asking them to provide their usernames and passwords for their accounts.
Here’s how the plea deal lays it out:
From November 23, 2013 through August 2014, Majerczyk engaged in a phishing scheme to obtain usernames and passwords for his victims. He sent e-mails to victims that appeared to be from security accounts of internet service providers that directed the victims to a website that would collect the victims’ usernames and passwords. After victims responded by entering information at that website, Majerczyk had access to victims’ usernames and passwords. After illegally accessing the iCloud and Gmail accounts, Majerczyk obtained personal information including sensitive and private photographs and videos, according to his plea agreement.
Over 300 people fell victim to the attack. Apple responded by boosting security, increasing the number of places that use two-factor authentication before granting access. When enabled, this feature sends a text message to the user’s phone with a special code, ensuring that only someone with the password and access to the phone can log in.
“We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information” said David Bowdich, the assistant director in charge of the FBI’s Los Angeles Field Office.
Collins, who already pleaded guilty as part of a deal in March, is serving a recommended sentence of 18 months in prison. No sentencing date has been announced.
“This defendant not only hacked into e-mail accounts he hacked into his victims’ private lives, causing embarrassment and lasting harm,” said Deirdre Fike, the Assistant Director in Charge of the FBI’s Los Angeles Field Office, in a statement about the plea deal. “As most of us use devices containing private information, cases like this remind us to protect our data. Members of society whose information is in demand can be even more vulnerable, and directly targeted.”