In August of 2014, private photos and videos stolen from private online accounts from a number of celebrities were released online. Once authorities began to investigate, it soon became clear that the photos were acquired via a phishing scam which targeted the iCloud accounts of well-known celebrities. All told, more than 500 sensitive photos and videos — mostly of women –were released online.

DON’T MISS: What Formula 1 drivers see when they’re racing at 220 MPH

Now comes word via the DOJ that one of the hackers involved in the ordeal, a Chicagoan named Edward Majerczyk, recently plead guilty to his role in the hack and now faces as many as five years in prison. As for Majerczyk’s specific role, he is charged with using an elaborate phishing scheme which tricked unsuspecting users into entering in their security credentials into a fake website. From there, he managed to access as many as 300 distinct gmail and iCloud accounts.

According to the factual basis in the plea agreement, from November 23, 2013 through August 2014, Majerczyk engaged in a phishing scheme to obtain usernames and passwords for his victims. He sent e-mails to victims that appeared to be from security accounts of internet service providers that directed the victims to a website that would collect the victims’ usernames and passwords. After victims responded by entering information at that website, Majerczyk had access to victims’ usernames and passwords. After illegally accessing the iCloud and Gmail accounts, Majerczyk obtained personal information including sensitive and private photographs and videos, according to his plea agreement.

The DOJ adds that Majerczyk has pled guilty to a felony violation of the Computer Fraud and Abuse Act, a violation which carries a maximum sentence of five years.

“Hacking of online accounts to steal personal information is not merely an intrusion of an individual’s privacy but is a serious violation of federal law,” US Attorney Eileen M. Decker said in a press release. “Defendant’s conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers.”

Comments