The man behind the “Fappening,” a mass hacking of celebrity iCloud accounts back in 2014, has plead guilty. 36-year-old Pennsylvania resident Ryan Collins signed a plea agreement, and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act.
Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims, according to the “factual basis of the plea agreement.” He sent his victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.
Collins then used the information he obtained to illegally access the iCloud accounts, accessing private information, including nude photographs and videos. He also downloaded some of the victims’ iCloud backups. Although Collins downloaded the photos, videos, and other information, authorities were not able to obtain evidence proving he was the party that leaked them to the Internet.
While Collins had been charged in Los Angeles, the case will be transferred to Harrisburg, Pennsylvania so that he can enter his guilty plea. While he could face a maximum sentence of five years in a federal prison, as part of his plea deal, authorities will recommend a reduced sentence of 18 month in prison. The sentencing judge is not bound by the recommendation, and can sentence Collins to the full five years.
In the wake of the September 2014 breach, Apple revealed that its own investigation indicated the accounts were compromised due to weak passwords. The Cupertino firm then improved iCloud security with several changes. These included email alerts when iCloud accounts are accessed on the web, two-factor authentication, and app-specific passwords for third-party apps that access iCloud.