Click to Skip Ad
Closing in...

How the Jennifer Lawrence iCloud hack really happened

Published Mar 16th, 2016 6:50AM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

In early September 2014, Apple was preparing to announce a massive iPhone upgrade: bigger iPhones than anything it launched before. But just a few days ahead of the press iPhone 6 press event, an iCloud security scandal broke out. Nude pictures belonging to Jennifer Lawrence and many other celebrities leaked online, originating from iPhone backups.

Apple explained at the time that its iCloud security was not breached and that hackers probably employed phishing schemes to obtain the usernames and passwords from their victims.

Now, 18 months later after the scandal, we finally find out what happened. And it turns out that phishing attacks were indeed used to target the celebrities.

DON’T MISS: 11 paid iPhone apps on sale for free for a limited time

According to NBC News, it’s 36-year-old Ryan Collins the person responsible for phishing login credentials from many celebrities. With usernames and passwords in hand, he was able to log into Gmail accounts and even download iCloud backups from where he extracted nude photos.

What Collins did to gain access to at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014 was rather simple. He sent his victims emails that looked like they originated from Apple or Google, fooling them into handing their credentials over.

Collins was charged in Los Angeles with violating the Computer Fraud and Abuse Act. He agreed to plead guilty to one count of unauthorized access to a protected computer to obtain information.

The prosecutors recommend a sentence of 18 months, the U.S. Attorney’s Office said, rather than the maximum of five years in prison for the offence.

There’s no evidence that Collins posted the nude photos online, or that he leaked them though the investigation continues.

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity,” the Assistant Director in Charge of the FBI’s Los Angeles Field Office David Bowdich said.

“We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.