Third man charged in celebrity iCloud, Gmail hacking investigation

AppleInsider may earn an affiliate commission on purchases made through links on our site.

An Illinois man was on Monday charged with a felony computer hacking offense for his role in a phishing scheme that targeted more than 550 Apple iCloud and Google Gmail accounts, some of which belonged to prominent Hollywood celebrities.

The U.S. Attorney for the Central District of California said Emilio Herrera, 32, of Chicago, signed a plea agreement detailing a wide-ranging phishing operation that granted unauthorized access to sensitive user property.

According to the document, Herrera sent email messages resembling legitimate correspondence from internet service providers in a bid to dupe victims into furnishing account usernames and passwords. During the operation, conducted from April 2013 through August 2014, more than 550 people fell for the gambit, allowing the hacker access to their iCloud and Gmail accounts.

With username and password data in hand, Herrera was able to steal personal information and data, which in some cases included private photographs and video.

In 2014, a cache of nude photos and video belonging to prominent entertainment industry figures circulated through the dark web before wide circulation via file sharing protocols like BitTorrent.

Dubbed "Celebgate," the incident was initially blamed on an iCloud security breach, claims Apple denied at the time. Further investigation, namely the testimony of two indicted hackers, revealed the images were procured through simple social engineering.

Though Herrera engaged in the phishing scheme, investigators have found no evidence that he shared or uploaded the compromising data, nor has he been linked to the 2014 leak.

The Herrera case is a product of an ongoing FBI investigation into "Celebgate" and its perpetrators. In January, another Illinois man was sentenced to 9 months in prison for a related phishing attack targeting more than 300 iCloud and Gmail accounts. Before that, a Pennsylvania man last October was sentenced to 18 month in prison for accessing 50 iCloud accounts and 72 Gmail accounts.

Herrera's case is being transferred to the Northern District of Illinois, where he is expected to enter a guilty plea. He faces up to five years in prison for his crimes.