Recap: For about four years, a Los Angeles county human being was able to steal hundreds of thousands of photos and videos from iCloud accounts of young women across the US. While he didn't intermission iCloud security to exercise and so, this is an important reminder to never surrender your Apple ID credentials to anyone and use 2-factor authentication to foreclose unauthorized access to your account.

Back in 2022, Apple tree faced one of the biggest security blunders in the company's history when a grouping of hackers managed to exploit iCloud accounts of over a hundred celebrities and got access to their individual photos and videos. Several men have since been institute responsible for the incident, which culminated with the broadcasting of the individual content around the web.

Even though Apple never admitted to an actual iCloud alienation, it is believed this was made possible by lenient security practices which allowed creature-force password guessing.

Fast forward to today, and a California man has pled guilty to no less than four felony charges after he broke into thousands of iCloud accounts with the aim of stealing nude images of women. According to a report from Los Angeles Times, Hao Kuo Chi admitted he had impersonated members of Apple customer back up to fool his victims into sharing their Apple ID credentials over electronic mail.

Court documents reveal that 40-year-old Chi stole over 620,000 private photos and nine,000 videos that he so hosted on his personal Dropbox account to sort out the "win" images from the rest. In gild to do this, he didn't breach whatsoever of iCloud's security protections, and instead used social engineering and phishing on over 300 victims across the US, most of them young women.

For years, Chi operated online under the nickname of "icloudripper4you," and used two Gmail addresses where the FBI institute over 500,000 emails and four,700 iCloud credentials that victims had sent him. He didn't work alone, although he maintains he doesn't know the identity of his co-conspirators.

The scheme worked between 2022 and 2022, but immediately barbarous apart after Chi decided to share the private photos and videos online. Soon enough, a California-based visitor specializing in removing celebrity photos from the web notified an unnamed client that it had constitute a lucifer on several pornographic websites.

Investigators had already been tracking Chi using data from several sources such every bit Apple, Dropbox, Google, Facebook, and Lease Communications, and somewhen they were able to track down his home address. Chi pleaded guilty earlier this month, and faces upwards to five years in prison for each 1 of the four charges.

Prototype credit: Igor Starkov