Another hacker has been sentenced to prison for their part in a phishing scheme that yielded access to the private iCloud accounts of Hollywood celebrities, an incident referred to as "Celebgate."
According to the U.S. Attorney's Office for the District of Connecticut, George Garofano, 26, was on Wednesday sentenced to eight months in prison, followed by three years of supervised release, for instigating a phishing attack on more than 200 iCloud accounts. Victims of the hack included members of the entertainment industry, as well as non-celebrities living in Connecticut.
In court, Garofano admitted to participating in a phishing scheme from April 2013 through October 2014, soliciting for usernames and passwords in email correspondence that appeared to be from an official Apple security account. Targets were either asked to provide their information directly or to input the sensitive data on a third-party website.
Garofano used the credentials he obtained to gain unauthorized access to about 240 iCloud accounts, where he purloined private, and sometimes sensitive, data including photos and video. The hacker also traded usernames and passwords, as well as gathered material, with other individuals.
The U.S. Attorney's Office for the Central District of California filed charges against Garofano in January and the case was subsequently transferred to the District of Connecticut. Garofano pleaded guilty to one count of unauthorized access to a protected computer to obtain information in April.
In 2014, a cache of private media pulled from the iCloud and Google accounts of prominent public figures circulated through the dark web and ultimately saw wide distribution via file sharing protocols like BitTorrent.
Media reports at the time incorrectly blamed the alleged leak on an iCloud data breach, but Apple quickly denied those claims. A subsequent federal investigation revealed a small band of hackers was responsible for the initial data theft, largely accomplished through phishing and spear phishing schemes.
Garofano is the latest "Celebgate" offender to see prison time. Last year, an Illinois man was sentenced to 9 months in prison for a related phishing attack targeting more than 300 iCloud and Gmail accounts. Prior to that, a Pennsylvania man was sentenced to 18 months in prison for accessing 50 iCloud accounts and 72 Gmail accounts in 2016.