One of the men behind the ‘Celebgate‘ phishing attack has pleaded guilty to accessing more than 300 iCloud and Gmail accounts, including ‘at least 30’ belonging to celebrities. The plea was announced by the U.S. Attorneys Office for the Central District of California.
Another of the Celebgate offenders, Ryan Collins, also took a plea back in March in return for a recommended sentence of 18 months …
Edward Majerczyk, 28, who resides in Chicago and Orland Park, Illinois, was named in a criminal information filed today in United States District Court in Los Angeles. Majerczyk has signed a plea agreement in which he agrees to plead guilty to a felony violation of the Computer Fraud and Abuse Act, specifically, one count of unauthorized access to a protected computer to obtain information.
Although widely reported at the time as an iCloud hack, it was later revealed to have been a phishing attack, in which victims were fooled into entering their iCloud and Gmail credentials into fake websites. This was something we suspected at the time and was later confirmed by Apple.
Although iCloud itself was never compromised, Apple was not entirely blameless, as it appears that a vulnerability in the Find My Phone service combined with weak passwords may have played a role, and that Apple was aware of this weakness six months earlier.
Majerczyk’s case is being transferred to Northern District of Illinois for sentencing. Although the maximum penalty is five years in federal prison, it is likely that the same plea deal of 18 months has been agreed.
One point to note is that neither of the two men who have admitted the phishing attack have been charged with distributing the photos obtained from it, suggesting that others were involved and that further arrests may follow.
Via The Verge
