Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Celebrity Email Hacker Sentenced to 6 Months in Prison

Andrew Helton, 29, of Portland, Oregon, was sentenced this week to six months in prison for hacking into hundreds of email accounts, including ones belonging to celebrities.

Andrew Helton, 29, of Portland, Oregon, was sentenced this week to six months in prison for hacking into hundreds of email accounts, including ones belonging to celebrities.

Authorities say Helton illegally accessed 363 Apple and Google accounts through a phishing scheme that involved emails asking targeted individuals to “verify” their account by clicking on a link. Those who clicked on the links were taken to fake Apple and Google login pages and instructed to enter their username and password.

According to the Department of Justice, the Oregon man obtained roughly 448 usernames and passwords between March 2011 and May 2013. He used the credentials to steal private information from victims’ accounts, including 161 sexually explicit, nude and partially nude photographs of 13 individuals, some of whom were celebrities.

Helton pleaded guilty in February to one charge of unauthorized access to a protected computer to obtain information, which is a felony violation of the controversial Computer Fraud and Abuse Act (CFAA). He faced 5 years in prison, but a judge sentenced him on Thursday to only six months and ordered him to pay a $3,000 fine. The hacker will start serving his prison sentence on October 11.

“For over two years, Helton targeted unsuspecting victims with phishing e-mails that gave him full access to their private e-mail accounts,” stated U.S. Attorney Eileen M. Decker. “He systematically searched for and stole intimate images and stored them in his own computer for personal use, which meant the victims continued to suffer as a result of his voyeurism. Helton’s crime was a deep invasion of privacy that caused real harm.”

Authorities in the United States have prosecuted several individuals who hacked into celebrity email accounts. One of the longest prison sentences was given in 2012 to a Florida man – Christopher Chaney got ten years after targeting Renee Olstead, Mila Kunis, Scarlett Johansson and others.

New York-based hacker Mir Islam got a 2-year jail sentence earlier this month for doxing public figures, and there are several others awaiting sentencing. The list includes Romanian national Marcel Lazar Lehel, aka Guccifer, Alonzo Knowles from the Bahamas, and Ryan Collins of Pennsylvania, who is one of the people behind the 2014 “Celebgate” hacks. Lehel, Knowles and Collins all pleaded guilty in May. Edward Majerczyk of Illinois was also charged recently for his role in the “Celebgate” scheme.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cyberwarfare

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...

Compliance

The Federal Communications Commission (FCC) is proposing tighter rules on the reporting of data breaches by wireless carriers.The updated rules, the FCC says, will...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...