nito - Fotolia

Fourth man jailed for iCloud celebrity hacking

The final hacker charged with leaking nude images of female celebrities in 2014 has been jailed

The fourth man charged with hacking into private Apple iCloud accounts and leaking nude photos of Jennifer Lawrence, Kirsten Dunst, Mary Elizabeth Winstead and others has been jailed in the US.

The “celebgate” leak was initially blamed on an iCloud data breach, but a US federal investigation revealed that a small group of hackers was responsible for the initial data theft using phishing attacks.

George Garofano, 26, was sentenced to eight months in prison followed by three years of supervision for his role in hacking into the Apple iCloud accounts of 240 people in 2014, including about 30 celebrities.

Prosecutors had called for a sentence of up to 16 months, but Garofano asked for leniency and requested no more than five months in jail and five months of home confinement. He said he had already suffered serious consequences and had cleaned up his act since his hacking days in college.

Garofano pleaded guilty in April, admitting that he sent emails to the victims pretending to be a member of Apple’s online security team to trick them into disclosing their usernames and passwords.

Targets were either asked to provide their login credentials directly or to enter the data on a third-party website, reports AppleInsider.

Prosecutors said Garofano’s offence was “serious” because he had invaded his victims’ privacy and stolen personal information, including private and intimate photos, and that he had acted in “complete and utter disregard for the impact on his victims’ lives”.

Defence attorney Richard Lynch said his client had matured and had accepted responsibility for his actions. “There is nothing to suggest that he would ever engage in this or any other criminal conduct in the future,” he said.

Read more about two-factor authentication

  • Apple introduces two-factor authentication for iCloud and other services to protect users from hackers trying to access their accounts.
  • Swiss researchers propose a two-factor authentication system that does not require user interaction to help speed adoption of strong security.
  • The web’s top brands implement two-factor authentication for consumer web authentication.
  • It may seem daunting, but Two-factor authentication options are manageable for nearly all enterprises.

Three others have been sentenced to jail terms of between nine months and 18 months for their role in the scheme, including Edward Majerczyk, who in addition to a jailed term of nine months, was ordered to pay $5,700 compensation to an unnamed female celebrity whose images were leaked online in 2014.

The Apple iCloud intrusions prompted security commentators to highlight the importance of using two-factor authentication for online accounts, to keep hackers out even if passwords are compromised.

Following the compromise of the celebrities’ iCloud accounts, Apple recommended that users choose a strong password and enable two-factor authentication.

Apple also announced that it will alert users through email and push notifications when any changes to account settings are made.

Read more on Hackers and cybercrime prevention