Here's How One Hacker Stole Hundreds of Celebrities' Nude Photos
They all fell victim to one of the oldest tricks in the book.
On Tuesday, authorities announced Ryan Collins, a 36-year-old from Pennsylvania, would plead guilty to charges stemming from 2014’s infamous leak of dozens of celebrities’ private photos.
“Celebgate,” or “The Fappening,” as it crudely became known online, was a massive leak of private, intimate photos from a long list of celebrities, who all fell victim to a hacker exploiting their Gmail and iCloud backup accounts. Collins faces up to five years in jail for his role in the leak, but prosecutors are recommending only 18 months after he agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act and one count of unauthorized access to a protected computer to obtain information. He’s not being held responsible for leaking, selling, or posting the images online — that investigation is still ongoing, according to Gawker.
All told, Collins hacked as many as 50 iCloud accounts and 72 Gmail accounts, all using the simple technique of phishing, or soliciting for private login information through fake emails. Phishing is an extremely common hacking technique used by Nigerian scammers and high-profile hackers alike. Starting in 2012, Collins sent celebrities emails that looked like notifications from Apple or Google, asking them to re-enter or provide their login data. In many cases, it was as easy as that.
“We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information” said David Bowdich, the assistant director in charge of the FBI’s Los Angeles Field Office.
After he got their login information, Collins had full access to the celebrities’ accounts. While a lot of large-scale hacks exploit software loopholes or require sophisticated computer knowledge, it’s remarkable how much damage a clever hacker can do just by asking for things. But in this case at least, it’s unlikely Collins will be able to hack his way out of a prison sentence.