The second hacker implicated in a phishing scheme targeting more than 300 Gmail and iCloud users, including personal accounts of Hollywood celebrities, has signed a plea deal last week and faces up to five years in federal prison.
According to a statement on the website of the U.S. Attorney's Office in California, Edward Majerczyk, 28, will plead guilty to violating the Computer Fraud and Abuse Act for his role in 2014's celebrity nude leak dubbed the "Celebgate" phishing scheme.
BGR reports that in August 2014 private videos and photos from a number of celebrities were released online. The materials were stolen from their private online accounts.
Authorities have discovered that the videos and photos were acquired via a phishing scam targeting the iCloud accounts of well-known celebrities. Over 500 sensitive videos and photos were released online.
The two hackers behind the "Celebgate" scandal, Orland Park and Majerczyk, are charged with unauthorized access to a protected computer. According to Apple Insider, the hack attack carries a statutory maximum sentence of five years in prison.
Majerczyk sent phony emails to victims, as part of the phishing scheme. The emails appeared to be from legitimate security accounts operated by companies like Google and Apple and they were requesting confirmation of user credentials. The users were then instructed to visit a website that gathered their logins and passwords.
According to the plea agreement, this information was used by Majerczyk to illegally access victims' accounts and harvest sensitive data such as videos and photographs. The assets were first leaked on the dark web, before wider distribution on file sharing protocols such as BitTorrent.
"Celebgate" gained notoriety for targeting numerous celebrities including Kate Upton and Jennifer Lawrence. At first, reports blamed the intrusion on a hack of Apple's iCloud, but Apple denied the claims at the time.
U.S. Attorney Eileen M. Decker declared in a press release that hacking of online accounts is a "serious violation of federal law." She added that defendant's conduct created online vulnerabilities and was a profound intrusion into the victims' privacy.