28-year old Chicago native Edward Majerczyk has signed a plea agreement, entering a guilty plea for his part in the “Celebgate” iCloud scandal. Majerczyk agreed to plead guilty to violation of the Computer Fraud and Abuse Act, according to court documents released on Friday.
Majerczyk faces a maximum of five years in prison. Fellow Celebrate phisher, 36 year old Pennsylvania native Ryan Collins, entered into a plea agreement back in March, with carries a recommended sentence of 18 months.
During the November 2013 to September 2014 timeframe, the pair hatched a phishing scheme to obtain the iCloud usernames and passwords of over 300 victims, including those of a number of celebrities. The scofflaws sent the victims emails that appeared to be from Apple and Google, asking the victims to provide their usernames and passwords.
The duo then used that phished info to illegally access victims’ accounts, and collect private information, which in a number of cases involved nude photographs and videos. Those photos were then leaked via online image board 4chan, and then spread to numerous other internet sites.
While Collins and Majerczyk originally obtained the photos and videos, investigators have been unable to obtain any evidence proving they are responsible for the 4chan leak.
Following the breach, an investigation by Apple showed the accounts were compromised due to weak passwords, and possibly a Find My iPhone flaw. The company then strengthened security by adding email alerts when iCloud accounts are accessed via the web, adding an option for app-specific passwords for third-party apps using iCloud, and also enabling two-factor authentication on iCloud.com.