36-year-old man to plead guilty to iCloud ‘Fappening’ celebrity nude photo theft

“A man has been charged with hacking the Apple iCloud and Gmail accounts of celebrities and stealing nude photos and videos from them,” BBC News reports. “The US authorities say Ryan Collins has agreed to plead guilty to the offence… The 36-year-old is alleged to have stolen usernames and passwords via a phishing scam.”

“The Department of Justice said that the Pennsylvania-based Collins had admitted to breaking into more than 100 accounts between November 2012 and September 2014. He is said to have achieved this by sending emails to the victims that pretended to be from Google or Apple requesting their login details,” The Beeb reports. “Collins is accused of accessing at least 50 iCloud accounts and 72 Gmail accounts.”

“‘Through his phishing scheme [the] defendant was also able to access full Apple iCloud back-ups belonging to numerous victims, including at least 18 celebrities, many of whom reside in the Los Angeles area,’ the court papers state. ‘Many of these back-ups contained nude photographs and videos,'” The Beeb reports. “The celebrities are not named, but the attacks coincide with stolen photos of the actresses Jennifer Lawrence, Kate Upton, Mary Elizabeth Winstead and others being posted to the internet in 2014, which was blamed on an iCloud breach at the time. Collins has not been accused of uploading the images for others to see.”

The Beeb reports, “The FBI added that the case against Collins was part of an “ongoing investigation”, indicating that there may be further arrests.”

Read more in the full article here.

MacDailyNews Take: Again, too many people use one password for multiple services and weak passwords at that. Once hackers guess that password, they then have access to all sorts of things: cloud storage, bank accounts, Facebook, Twitter, email, etc.

Regardless of the origination of these photos and videos, social engineering hacks can be thwarted, at least for iCloud. Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.

Always use unique passwords and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, it works like a dream.

‘Fappening’ celebrity nude leak suspect alleged to have hacked 572 iCloud accounts – June 10, 2015
iCloud accounts at risk after hacker releases tool allowing access to any login – January 2, 2015
Jennifer Lawrence calls nude photo hacking a ‘sex crime’ – October 7, 2014
Apple’s iCloud security nightmare gets worse as more nude celebrity pics leak – September 21, 2014
Since the celebrity nude iCloud hacks, one third of Americans have improved their online security – September 8, 2014
Apple denies iCloud breach – September 3, 2014
How easy is it to crack into an Apple iCloud account? We tried to find out – September 3, 2014
Celeb nudes: Comprehensive review of forum posts reveals no mention of ‘Find My iPhone’ brute force technique – September 2, 2014
Apple’s iCloud is secure; weak passwords and gullible users are not – September 2, 2014
Apple: No iCloud breach in celebrity nude photos leak – September 2, 2014
FBI, Apple investigating alleged iCloud hack of celebrity nude, sex photos and videos – September 2, 2014
Celebrity or not, Apple isn’t responsible for your nude photos – September 2, 2014
Apple ‘actively investigating’ Jennifer Lawrence, other nude celebrity photos hack – September 1, 2014


  1. Wait a minute here. I thought I was told this was an Apple problem where folks hacked iCloud. 50 iCloud accounts? Ok, I get that. But I don’t remember the outrage about the 75 gmail accounts where this information was stored. How can that be. Apple bad, Google good/harmless, right? Ok, maybe Google’s name got brought up in small print that said maybe they were possibly included…but I remember this being an all-Apple story. This article can’t be right. /s

    1. The press has an anti-Apple bias? I’m shocked – the thought never occurred to me before! /s

      On a side note. Why are celebrities/people so infatuated by their own nude bodies as to take photos and videos all the time. Seriously, get over your narcissism already.

      1. Yes. Jail time. Restitution. And penalties.

        And be sure the IRS gets their fair share of taxes due on any (undeclared) monies he received to sell the photos.

  2. MDN’s admonition to “Always use unique passwords” is not going to be heeded by the Hollywood elite who already consider themselves so unique, that the rules for the masses don’t apply to them.

  3. Unfortunately, these types of things will continue to happen for as long as the access to these services is restricted by the old userid/password method. Two-step verification, while effective, is pretty much a non-starter for most people, as it requires, well, two steps (plus having to manually copy a number from your phone into your computer).

    I’d be curious to know how many readers here use unique passwords for each of the major services they use (gmail, iCloud, FB, Twitter, MDN, banking, office network, etc). And how many have enabled the two-step verification for services that offer it. If people answered truthfully and honestly, I wouldn’t be surprised if less than 20% of people did either (or both) of the two.

  4. What drove me nuts about this thing was how you couldn’t point the obvious — that it’s a bad idea to keep digital nudes of yourself on the internet if you don’t want the public to see them — without being accused of “victim blaming”. We’re not saying it’s the victim’s fault, we’re just saying that taking precautions to protect your privacy is the smart thing to do. You need to protect yourself.

    My wife won’t let me take nude pictures because she doesn’t want digital nudes of her to exist. She thinks it’s the only way to guarantee the privacy of her body, and she’s right!


  5. It took Reddit 8.5 days to take down the r/TheFappening subreddit when management and admins new that this was an alleged leak or a hack. Now, I can see it wasn’t a “hack” per se of iCloud accounts, but rather a hack of ignorance (social engineering). It would be nice to put all the unemployed IT personnel in this country to work, protecting celebrities data after going through a vetted process. I’m glad he was eventually caught and sentenced, but phishing attacks will continue unless one goes through some time of education about technological awareness.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.