The Stupidly Simple Way in Which Nude Photos from Celebrities Were Stolen

The hacker responsible for the infamous photo scandal involving explicit personal photos and videos of celebrities that were leaked online has now plead guilty in a Californian court. The means to hacking personal accounts that contained nude photos and videos? A simple phishing campaign.

Ryan Collins, a 36-year-old hacker by way of a phishing scheme who leaked nude photos and videos of celebrities has plead guilty to the offence of stealing them from several iCloud and Gmail accounts. Accounts that belonged to household names and celebrities.

Altogether, the Department of Justice state that Collins had admitted to scamming his way into more than 100 accounts between November 2012 and September 2014. He has been accused of accessing at least 72 Gmail accounts and 50 iCloud accounts.

The Phishing Scheme

Collins’ phishing campaign involved fraudulent emails purporting to come from Apple and Google employees. Posing as staff from the two companies, he requested his targets to share their login details in a faux, but well-designed website or form, pretending to be an official page from iCloud or Google. Presumably, Collins simply convinced his targets that their account credentials had to be shared, presumably for the sake of security and the account’s well-being. The photos that were leaked belonged to celebrities such as Jennifer Lawrence, Kate Upton, Kirsten Dunst and Avril Lavigne. Notably, the first three celebrities even confirmed that the photos were indeed genuine.

According to court filings ascertained by the BBC, here are few examples of the malicious hacker’s doings:

[The] defendant used numerous fraudulent email addresses designed to look like legitimate security accounts from various internet service providers, including, for example, [email protected], [email protected] and [email protected]

Once his phishing scheme bore fruit, Collins was able to gain complete access to Apple iCloud backups, many of whom belonged to at least 18 known celebrities from Hollywood.

“Many of these back-ups contained nude photographs and videos,” the court filings added.

The FBI’s investigation into the ‘Celebgate’ affair sees Collins to be the first individual to be charged. Prosecutors will recommend an 18-month prison sentence, as a part of Collins’ plea deal. The charge of felony for computer hacking against Collins carries a maximum of a five-year prison sentence.

Featured image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.