IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

iCloud hack: could phishing scheme have been behind nude celebrity photo leak?

Pennsylvania man pleads guilty to accessing hundreds of accounts

An American man has been arrested and charged in relation with the 2014 leak of celebrity photos, known as Celebgate and the iCloud Hack.

Ryan Collins, 36, from Lancaster, Pennsylvania, has pleaded guilty to breaking the US Computer Fraud and Abuse Act, as part of a plea deal that will see him face no more than five years in jail.

According to the plea agreement, Collins allegedly engaged in a phishing scam between November 2012 and September 2014, where he persuaded owners of Apple and Google email accounts to hand over their credentials by pretending to be a representative of those companies.

Whenever the ruse was successful, he gained access to personal information, including nude photos and videos, according to the plea agreement.

A statement from the US Department of Justice (DoJ) further alleged that "in some instances, Collins would use a software program to download the entire contents of the victim's iCloud backups".

In total, Collins accessed at least 50 iCloud accounts and 72 Gmail accounts, mostly belonging to female celebrities.

In a statement, David Bowdich, assistant director in charge of the FBI's Los Angeles Field Office, said: "By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity.

"We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information."

There is still one mystery remaining, however. While Collins admits to hacking into the accounts, he denies being the source of the 2014 Celebgate leak.

Furthermore, while Collins was arrested in relation to that breach, the DoJ said: "Investigators have not uncovered any evidence linking Collins to the actual leaks or that Collins shared or uploaded the information he obtained."

The broader FBI investigation into the 2014 leak is still ongoing.

Speaking to Cloud Pro, independent security researcher Graham Cluley said: "I'm not surprised that it was phishing that was at the heart of the attack against the celebrities. If there had been a fundamental flaw in iCloud then we would have seen much more serious information stolen by hackers than a few nude photographs of starlets.

"The sad truth is that phishing is incredibly effective. All the time, individuals and companies are duped into handing over information through convincingly crafted email messages."

Like the FBI's Bowditch, Cluley said it is important that people are wary of unsolicited emails. However, he added that two-factor authentication should be implemented where possible to make accounts more secure.

"You can do this with Gmail, iCloud, and other accounts and it means that even if your password is phished from you the hackers will not know the randomly generated PIN code that is also required when accessing the account from a previously unknown computer," he said.

This article first appeared on IT Pro's sister site, Cloud Pro.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Apple cuts ties with Jony Ive after 30 years
Hardware

Apple cuts ties with Jony Ive after 30 years

13 Jul 2022
Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022
Apple faces a catch-22 decision with iPhones and USB-C
Policy & legislation

Apple faces a catch-22 decision with iPhones and USB-C

8 Jun 2022

Most Popular

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022