Security Experts:

Connect with us

Hi, what are you looking for?



“Celebgate” Attacker Charged Over iCloud Photo Hacks

A Pennsylvania man was charged on Tuesday for accessing the Apple and Google email accounts of over 100 people, including several celebrities.

A Pennsylvania man was charged on Tuesday for accessing the Apple and Google email accounts of over 100 people, including several celebrities.

The man, 36-year-old Ryan Collins of Lancaster, Pennsylvania, was charged with felony computer hacking related to a phishing scheme that provided him with illegal access to said accounts. He managed to access at least 50 iCloud accounts and 72 Gmail accounts, most of which belonged to female celebrities.

Collins signed a plea agreement to plead guilty to a felony violation of the Computer Fraud and Abuse Act, the announcement from the Department of Justice (DoJ) reads. According to the plea agreement filed on Tuesday, Collins agreed to plead guilty to one count of unauthorized access to a protected computer to obtain information.

The man admitted to have engaged in the phishing scheme from November 2012 until the beginning of September 2014, which allowed him to obtain usernames and passwords for his victims. 

When the unsuspecting victims responded to his phishing emails, Collins was able to illegally access the victims’ e-mail accounts and to obtain personal information from them. He managed to grab nude photographs and videos, and even used software that allowed him to download the entire contents of the victims’ Apple iCloud backups, the plea agreement reveals.

In September 2014, the FBI launched an investigation after numerous iCloud accounts of celebrities were hacked and photographs of numerous female celebrities leaked online, and the charge against Collins stems from that investigation.

Apple at the time revealed that its iCloud system was not breached and said that the attack targeted user names, passwords and security questions. A few days later, the consumer tech giant also announced that it would  ramp up the security of the iCloud service.

However, it appears that there was no evidence that Collins was linked to the actual leaks, nor that he uploaded the information he obtained.

The DoJ also announced that, although the man was charged in Los Angeles, the case will be transferred to Harrisburg in the Middle District of Pennsylvania, near Collins’ home, for the entry of his guilty plea and sentencing.

Collins faces a statutory maximum sentence of five years in federal prison, but the parties have agreed to recommend a prison term of 18 months, although the recommendation will not be binding on the sentencing judge.

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity. We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information,” David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office, said.

In December 2015, 23-year-old Alonzo Knowles, aka “Jeff Moxey,” was charged for using malware and phishing to gain access to the email accounts of celebrities. Last month, Andrew Helton, 29, of Portland, pleaded guilty to a felony computer hacking charge and admitted to hacking the Apple and Gmail accounts of 363 people, including several celebrities.

The criminal complaint filing can be read here

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.