Skip to content
Naked Security Naked Security

Celebgate hacker who stole nude photos gets nine months in jail

29-year-old man hacked into 300 private accounts in 'abhorrent' crime

Another Celebgate hacker is headed to jail.

Edward Majerczyk, 29, pleaded guilty in September to prying open more than 300 iCloud and Gmail accounts – at least 30 of them belonging to Hollywood glitterati – and ripping off what the US Attorney’s Office demurely refers to as his victims’ “sensitive and private photographs and videos”.

…which is what the rest of us call nude celebrity photos.

On Tuesday, he was sentenced to nine months in federal prison, according to the Central District of California US Attorney’s Office.

Majerczyk, who’s from Chicago, was sentenced by US District Judge Charles P Kocoras, who said his crime was “abhorrent”.

As well the prison sentence – which he’ll begin serving at the end of February  – Judge Kocoras also ordered Majerczyk to pay $5,700 in restitution to one unnamed victim whose photos were published online.

The charge is a felony violation of the Computer Fraud and Abuse Act (CFAA, and specifically, one count of unauthorized access to a protected computer to obtain information. Majerczyk was charged by federal prosecutors in Los Angeles, but the case was transferred to the Northern District of Illinois, where he pleaded guilty and was sentenced.

According to the plea agreement, Majerczyk was a busy phisherman between November 23 2013 through August 2014.

That’s right before the September 2014 Celebgate gang-mugging of celebrities let loose, as intimate images of celebrities were stolen and disseminated online in places such as Reddit.

Thieves and many equally scumbaggy photo-sharers trampled over the privacy of Jennifer Lawrence, Kate Upton, Kirsten Dunst, Selena Gomez, Kim Kardashian, Vanessa Hudgens, Lea Michele and Hillary Duff, among others.

Majerczyk got to his victims with a phishing scam in which he sent messages doctored to look like security notices from ISPs.

The phishing messages led victims to a website that harvested their usernames and the passwords for their Google or iCloud accounts. With the credentials in hand, Majerczyk was free to romp through victims’ accounts and grab whatever photos and videos he could find.

Nasty, eh? Oh yes, said Deirdre Fike, the assistant director in charge of the FBI’s Los Angeles Field Office:

Mr Majerczyk manipulated hundreds of victims by tricking them into providing access to their accounts, including high-profile victims whose information was specifically targeted. The lasting harm this type of intrusion can cause to celebrities and non-celebrities alike cannot be overstated…

And it should serve as an important reminder to all of us of how dangerous it can be to respond to unsolicited e-mails in which our personal information is requested, Fike said.

Majerczyk’s case followed a guilty plea by Pennsylvanian Ryan Collins, 36, who was sentenced to 18 months in jail in October.

Both Majerczyk and Collins pulled the same shtick: sending phishing emails spoofed to look like they came from Apple or Google which asked victims for account credentials.

We never heard the details of how they constructed the phishing emails, but October brought us a fascinating dissection of how hackers used Bitly shortened links in phishing attacks to trick Democratic National Committee officials into handing over their own Gmail credentials.

The Feds have said that both Collins and Majerczyk were apparently operating independently and there is no evidence to suggest that either Majerczyk or Collins were the ones who actually posted the nude photos online.

In another investigation sparked by Celebgate, the US government seized a Chicago man’s computers in June 2015.

None of those cases, apparently, are related to yet another celebrity hacking prosecution: that of Alonzo Knowles’ guilty plea in New York for stealing new screenplays and sex videos from celebrities, nor of the felony hacking conviction of Andrew Helton in Oregon for similar hacking of celebrity-owned Apple and Google accounts.

In other words, Majerczyk is just the latest in a string of busted, soon to be imprisoned celebrity hackers. Investigators sure don’t seem to be tired of chasing them down, though.

All the better for the people they’ve victimized.

1 Comment

“As well the prison sentence – which he’ll begin serving at the end of February – Judge Kocoras also ordered Majerczyk to pay $5,700 in restitution to one unnamed victim whose photos were published online.”

Obviously, there was more than just one ” victim whose photos were published online”. Is there any explanation for why restitution was ordered for only one of them?


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!