The U.S Department of Justice announced that is has formally charged Ryan Collins of Lancaster, Pa., with felony computer hacking for an alleged Apple iCloud phishing scheme.
Prosecutors claim Collins gained access to iCloud accounts over a nearly two-year period by sending scam emails soliciting usernames and passwords.
The incident involved the theft of images belonging to several high-profile female celebrities.
According to the plea agreement, from November 2012 until the beginning of September 2014, Collins sent emails to his targets that appeared to be from Apple or Google. The emails requested usernames and passwords. Once he obtained the usernames and passwords, Collins then gained access to the victims' accounts and downloaded the contents of the victims' Apple iCloud backups.
According to the DOJ, Collins was able to gain access to at least 50 iCloud accounts.
Collins will face a statutory maximum sentence of five years in federal prison.
“Today, people store important private information in their online accounts and in their digital devices,” said U.S. Attorney Eileen M. Decker in a DOJ statement. “Lawless unauthorized access to such private information is a criminal offense. My office remains committed to protecting sensitive and personal information from the malicious actions of sophisticated hackers and cyber criminals.”
Phishing continues to be a significant problem for individuals and businesses alike. A report released by the Ponemon Institute last summer found the average 10,000-employee company spends $3.7 million a year dealing with phishing attacks.