Alleged celebrity iCloud hacker to plead guilty

A US man who allegedly broke into the iCloud accounts of LA celebrities in 2014 and stole their intimate photographs has sign an agreement to plead guilty to computer fraud.

An LA court has charged 28 year-old Edward Majerczyk from Illinois with one count of unauthorised access to a protected computer to obtain information, which carries a maximum penalty of five years in prison.

Majerczyk has now agreed to plead guilty over the high profile intrusion into the iCloud and Gmail accounts of at least 300 people, including at least 30 accounts held by US celebrities, and stealing private photographs and videos which were later leaked onto the web.

He has admitted to sending phishing emails disguised to look like they were issued from the security arm of internet service providers to trick his targets into handing over their usernames and passwords.

The court said the phishing scheme operated between November 2013 and August 2014.

Soon after, private images of prominent female celebrities, including actress Jennifer Lawrence, appeared on the 4chan forum.

Majerczyk was charged over the hack following an investigation by the FBI, however he has not been linked to distributing the images online.

US attorney Eileen M Decker called the offence a “a profound intrusion into the privacy of his victims [that] created vulnerabilities at multiple online service providers".

Deirdre Fike, assistant director heading the FBI’s LA field office, said “this defendant not only hacked into email accounts – he hacked into his victims’ private lives, causing embarrassment and lasting harm".

She also warned that “as most of us use devices containing private information, cases like this remind us to protect our data. Members of society whose information is in demand can be even more vulnerable, and directly targeted".

Apple has repeatedly denied that the breach of iCloud back-up accounts had anything to do with weaknesses in its own security defences, and confirmed its own systems were not compromised.

However, soon after the intrusions came to light, Apple introduced email and push notification alerts to customers when an account password is changed and when a new device logs into an account.

The Majerczyk case is likely to be transferred to the Northern District of Illinois for hearing.