Nude Celebrity Photo Hacker Jailed

Whether you chose to call it “Celebgate” or refer to it by the rather crude moniker of “The Fappening”, there’s no doubt that the leaking on the Internet of private nude photographs of dozens of Hollywood stars was one of the biggest stories of 2014.

At least 50 celebrity Apple iCloud accounts and 72 Gmail inboxes were broken into by 36-year old Ryan Collins, from Lancaster, Pennsylvania, whose victims included Jennifer Lawrence, Kirsten Dunst, Avril Lavigne, Kate Hudson, and Rihanna.

So how did Collins do it? Well, he simply tricked celebrities and their acquaintances and staff into coughing up their email passwords, by sending them emails that appeared to come from Apple or Google.

Collins was also able, in some instances, to use custom software to download the entire iCloud backups of his victims in his quest for nude photographs.

This meant that even if celebrities had not shared their private intimate snaps via email, Collins was able to extract it from their iPhone’s online backup. And, of course, unlocking the email account of one celebrity inevitably reveals the contact details of other celebrities, opening opportunities for further attacks.

In a statement issued earlier this year, FBI assistant director David Bowdlich described some of the distress that Collins’ victims must have felt:

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity. We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”

Interestingly, there is no evidence to suggest that Collins was the person who actually leaked the photographs onto the Internet, causing such a commotion. Instead, it appears that Collins was quite content phishing celebrities, and adding to his personal collection of nude photos from November 2012 until September 2014 when “The Fappening” occurred.

One of the victims, Hollywood star Jennifer Lawrence, was blunt in her opinions of the sites which chose to share the stolen photographs with their visitors:

“It is not a scandal. It is a sex crime. It is a sexual violation. It’s disgusting. The law needs to be changed, and we need to change. That’s why these Web sites are responsible. Just the fact that somebody can be sexually exploited and violated, and the first thought that crosses somebody’s mind is to make a profit from it. It’s so beyond me. I just can’t imagine being that detached from humanity.”

And now, Collins has been sent to prison for 18 months, leaving a wife and two young children without their father. Things could have been much worse for Collins and his family, if he had not agreed to a plea bargain with the authorities, it’s possible that he could have been sentenced to the maximum of five years in prison.

In all, the authorities identified over 600 victims of Ryan Collins including many members of the entertainment industry.

And it would be a brave person who bet money that a similar attack couldn’t happen in future, as we all know how easy it can be to trick people into unwittingly revealing their password through a carefully constructed phishing email.

Let’s hope that all of the stars exposed by “Celebgate” have learnt the valuable lesson of enabling multi-factor authentication to provide an additional layer of protection on their online accounts, and that regular civilians have also wised up that you should be protecting your online accounts with more than just a password.

The advice all Internet users to enable two step verification or two factor authentication on their accounts whenever available to increase their security.

The great thing about two-step verification and two-factor authentication is that it can help protect your data, even if your password is stolen by a criminal.

WeLiveSecurity

 

« Cybercrime in Canada
Inside Anonymous - ‘Civil War’ Over Its Fight With ISIS »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

The mission of the PNP Anti-Cybercrime Group is to implement and enforce pertinent laws on cybercrime and other cyber related crimes and pursue an effective anti-cybercrime campaign.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

EuraTechnologies

EuraTechnologies

EuraTechnologies, the French incubator and accelerator, is a centre of excellence and innovation for startups and entrepreneurs with a focus on Digital, Data, Cybersecurity and IoT.

ACA Group

ACA Group

ACA Group are a leading governance, risk, and compliance (GRC) advisor in financial services.

Cado Security

Cado Security

Cado Security is pushing digital forensics, and cyber incident response to the next level with an incident response software platform and specialist consulting services.

ReasonLabs

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.