Skip to main content

Man behind celebrity nude photos leaked from iCloud pleads guilty to phishing scheme

icloud-hack

The man responsible for leaking explicit photos of dozens of celebrities back in 2014 has been formally charged today. According to a post on the Department of Justice website, a man from Pennsylvania has been charged with felony computer hacking after obtaining access to Gmail and iCloud accounts of more than 100 different people, the majority of whom were celebrities.

The hacker, 36-year-old Ryan Collins, has signed a plea agreement and agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act. Colin was charged in Los Angeles, but the case will be transferred to Harrisburg, Pennsylvania, where Collins is expected prison sentence of 18 months, although it could be as long as five years.

In addition to revealing sentencing details, however, the filing also reveals more details as to how Collins was able to obtain access to the accounts of the affected celebrities. According to the filing, Collins engaged in a phishing scheme between November 2012 and September 2014. Collins would apparently send emails to celebrities that appeared to be from Apple or Google and asked for login details. Once Collins had those details, he was able to access email accounts and iCloud accounts. From there, Collins obtained information such as nude images and videos, as well as phone numbers. In the case of Apple accounts, Collins would download the entire contents of the victim’s iCloud backup, as well.

While Collins accessed at least 50 iCloud accounts and 72 Gmail accounts, law enforcement has still been unable to prove that he was the person who shared the nude images on the internet, so if that evidence is discovered, it could potentially lengthen his sentence.

We reported on the initial iCloud hack back in 2014, but details were unknown at the time. Apple said that it was “actively investigating” the alleged hacking, but we now know that Apple played a small role in the process, as it was the celebrities who fell victim to phishing scams.

The full report can be read below:

Pennsylvania Man Charged with Hacking Apple and Google E-Mail Accounts Belonging to More Than 100 People, Mostly Celebrities

            LOS ANGELES – A Pennsylvania man was charged today with felony computer hacking related to a phishing scheme that gave him illegal access to over 100 Apple and Google e-mail accounts, including those belonging to members of the entertainment industry in Los Angeles.

Ryan Collins, 36, of Lancaster, Pennsylvania, has signed a plea agreement and agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act. In the plea agreement also filed today, Collins agreed to plead guilty to one count of unauthorized access to a protected computer to obtain information.

Although Collins has been charged in Los Angeles, the parties have agreed to transfer the case to Harrisburg in the Middle District of Pennsylvania, near Collins’ home, for the entry of his guilty plea and sentencing. Once he enters the guilty plea, Collins will face a statutory maximum sentence of five years in federal prison. The parties have agreed to recommend a prison term of 18 months, but that recommendation will not be binding on the sentencing judge.

“Today, people store important private information in their online accounts and in their digital devices,” said United States Attorney Eileen M. Decker. “Lawless unauthorized access to such private information is a criminal offense. My Office remains committed to protecting sensitive and personal information from the malicious actions of sophisticated hackers and cyber criminals.”

According to factual basis in the plea agreement, from November 2012 until the beginning of September 2014, Collins engaged in a phishing scheme to obtain usernames and passwords for his victims. He sent e-mails to victims that appeared to be from Apple or Google and asked victims to provider their usernames and passwords. When the victims responded, Collins then had access to the victims’ e-mail accounts. After illegally accessing the e-mail accounts, Collins obtained personal information including nude photographs and videos, according to his plea agreement. In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups.

The charge against Collins stems from the investigation into the leaks of photographs of numerous female celebrities in September 2014 known as “Celebgate.” However, investigators have not uncovered any evidence linking Collins to the actual leaks or that Collins shared or uploaded the information he obtained.

Many of Collins’ victims were members of the entertainment industry in Los Angeles. By illegally accessing the e-mail accounts, Collins accessed at least 50 iCloud accounts and 72 Gmail accounts, most of which belonged to female celebrities.

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity,” said David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”

The case against Collins is the product of an ongoing investigation by the Federal Bureau of Investigation.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. viciosodiego - 8 years ago

    Yet if the US government did the same thing, they would say, oops sorry, your data got leaked.
    Double standard.

  2. viciosodiego - 8 years ago

    Also, those people probably had easy to guess passwords and security questions.
    This is just an example of what would happen if the US government got access to our phones.

  3. presslee - 8 years ago

    He is a hero to some. Heroes go to jail sometimes. Like rosa parks

    • bartcassau - 8 years ago

      eh no, he isn’t a hero. he is a perverted criminal.
      But nice to know that you volunteer to put your pictures of your private parts and that of your family online.

      Rosa Parks, you slept through history 101 maybe? The mere thought …

    • Grayson Mixon - 8 years ago

      Rosa Parks was part of an organization that wanted to get someone arrested. She set out intending to go to jail. I don’t think this guy intended to get caught and go to jail.

  4. Iven Tenz (@ivenalot) - 8 years ago

    I still don’t understand why people not click on the e-mail address, they just see Paypal Support and once you actually click on it it says paypal@online.net or some unknown address. Like c’mon..

    • jacosta45 - 8 years ago

      Unfortunately non tech savvy people just don’t pay attention to things we know what to look out for. And unfortunately it will be the same people getting scammed/hacked (mostly).

  5. Jim Hassinger - 8 years ago

    Good! And, viciousdiego, if the US government exposed the nude photos of women, they would be sued and there would be hell to pay.

  6. Packer is involved in our case. Also involved: Obama, Murdoch and Stokes to name a few. gayledavies25.wordpress.com also Obama and others have ordered my wordpress blogs to not register any viewings. I looked at the stats this morning and people have viewed ‘Most Hunted’. I looked again just now and no viewers were registered. I also had a similar situation with Youtube where apparently noone had viewed my trial video, however the topics I covered were all over the press. So obviously people in high places are removing the viewer numbers from my blogs and videos.

  7. Check your headline. The images didn’t “leak” from iCloud. It’s one thing if the rest of the media gets it wrong (in some cases probably deliberately for the sake of clicks and drama), but I would expect 9to5Mac to spot the difference.

  8. John Smith - 8 years ago

    Not giving your password to phishers is mainly your own responsibility, but not every Apple user is going to be some computer boffin – Apple has rightly beefed up security to do their part.

    In terms of Apple’s security – they added the measure that was needed to firmly block this recurring: two step authentication. They also tightened up on multiple attempts across a range of Apple logins. Whether that was relevant here is not clear, but it was a positive move.

    That’s the type of security – against criminals – I need from Apple.

Author

Avatar for Chance Miller Chance Miller

Chance is an editor for the entire 9to5 network and covers the latest Apple news for 9to5Mac.

Tips, questions, typos to chance@9to5mac.com