Second celebgate hacker pleads guilty to phishing

Phisherman's friend


A second US man has pleaded guilty to stealing intimate pictures of celebrities using a phishing scam.

Edward Majerczyk, 28, who resides in Chicago and Orland Park, Illinois, was charged with hacking into the Apple iCloud and Gmail accounts of more than 300 people, including Hollywood celebrities. In a plea bargaining deal, Majerczyk agreed to plead guilty to one count of unauthorised access to a protected computer (i.e. computer hacking) contrary to the US Computer Fraud and Abuse Act.

In return for copping a plea, Majerczyk, can expect a lighter sentence that he might otherwise have received if he’d been found guilty at trial. Nonetheless Majerczyk still faces a maximum sentence of up to five years in federal prison.

“Hacking of online accounts to steal personal information is not merely an intrusion of an individual’s privacy but is a serious violation of federal law,” said United States Attorney Eileen M Decker. “Defendant’s conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers.”

Majerczyk admitted to running a phishing scheme to obtain usernames and passwords for his victims between November 2013 and August 2014. These phishing emails posed as a message from the security team of the intended mark’s service provider. Prospective marks were directed towards handing over their login credentials at a bogus site controlled by Majerczyk.

Compromised credentials were used to harvest personal information including sensitive and private photographs and videos, according to a DoJ statement of his plea bargaining agreement.

The charge against Majerczyk stems from the investigation into the leaks of photographs of numerous female celebrities in September 2014 known as “Celebgate”. Nudes pictures of more than 100 celebrities, including Oscar-winning actress Jennifer Lawrence, were leaked during through notorious image board 4Chan back in September 2014. At the time, an iCloud security breach was blamed but now we know that phishing was also in play.

Investigators failed to uncover any evidence linking Majerczyk to the actual leaks. FBI investigators who investigated the case reckon Majerczyk accessed at least 300 accounts, and at least 30 accounts belonging to celebrities.

Majerczyk is at least the second hacker to be prosecuted over Celebgate.

Ryan Collins, from Lancaster in Pennsylvania, previously admitted he had illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts. ®

Broader topics


Other stories you might like

  • FTC urged to probe Apple, Google for enabling ‘intense system of surveillance’
    Ad tracking poses a privacy and security risk in post-Roe America, lawmakers warn

    Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.

    US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions. 

    In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    Continue reading
  • Voicemail phishing emails steal Microsoft credentials
    As always, check that O365 login page is actually O365

    Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications.

    This email campaign was detected in May and is ongoing, according to researchers at Zscaler's ThreatLabz, and is similar to phishing messages sent a couple of years ago.

    This latest wave is aimed at US entities in a broad array of sectors, including software security, security solution providers, the military, healthcare and pharmaceuticals, and the manufacturing and shipping supply chain, the researchers wrote this month.

    Continue reading
  • Interpol anti-fraud operation busts call centers behind business email scams
    1,770 premises raided, 2,000 arrested, $50m seized

    Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.

    In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

    Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.

    Continue reading
  • Carnival Cruises torpedoed by US states, agrees to pay $6m after wave of cyberattacks
    Now those are some phishing boats

    Carnival Cruise Lines will cough up more than $6 million to end two separate lawsuits filed by 46 states in the US after sensitive, personal information on customers and employees was accessed in a string of cyberattacks.

    A couple of years ago, as the coronavirus pandemic was taking hold, the Miami-based biz revealed intruders had not only encrypted some of its data but also downloaded a collection of names and addresses; Social Security info, driver's license, and passport numbers; and health and payment information of thousands of people in almost every American state.

    It all started to go wrong more than a year prior, as the cruise line became aware of suspicious activity in May 2019. This apparently wasn't disclosed until 10 months later, in March 2020.

    Continue reading

Biting the hand that feeds IT © 1998–2022