These fake alerts convinced victims to type their usernames and passwords into a website controlled by the miscreant, allowing him to ransack their iCloud and Gmail accounts. Majerczyk, the son of two retired Chicago cops, was eventually collared by FBI agents probing "Celebgate" – the moment in 2014 when private nude photos of Kate Upton, Jennifer Lawrence, Ariana Grande and other stars were splashed on 4Chan and Reddit.
The pictures and videos were stolen from the victims' cloud accounts. During questioning, Majerczyk told the Feds he just wanted to "see things through other people's eyes." In a deal with prosecutors last July, he pleaded guilty to one count of unauthorized access to a protected computer to obtain information. “[Majerczyk] not only hacked into email accounts – he hacked into his victims’ private lives, causing embarrassment and lasting harm,” said the FBI's Deirdre Fike. “As most of us use devices containing private information, cases like this remind us to protect our data. Members of society whose information is in demand can be even more vulnerable, and directly targeted.” In addition to his sentence, handed down on Tuesday this week, Majerczyk was ordered to pay $5,700 to foot one celebrity victim's therapy bills.
The FBI also confiscated the hacker's Gateway computer, another desktop system, his iPhone, and various items of storage media. "At the time of the offense, Mr Majerczyk was suffering from depression and looked at pornography websites and internet chat rooms in an attempt to fill some of the voids and disappointments he was feeling in his life," his lawyer, Thomas Needham, told the court [PDF]. "After accessing the personal information and photographs for his personal viewing, he learned that others were distributing these private images on the internet. Mr Majerczyk did not realize the extent of this crime and was deeply affected by it. He immediately began seeing a therapist." According to his lawyer, there is no evidence that Majerczyk leaked any of the purloined pictures online. US prosectors did not charge him with the distribution of the images. Meanwhile in October last year, Ryan Collins, 36, of Pennsylvania, was jailed for 18 months for stealing similar snaps from people's accounts. Neither he nor Majerczyk have been directly accused of spreading the swiped selfies – a devastating leak that became known as The Fappening. Majerczyk's lawyer said his client was wracked with guilt and had had panic attacks since raiding his victims' private files.
Since it's said that he didn't upload the pictures to message boards, was a first-time offender, and pleaded guilty early, he received a relatively light sentence.
Still, the judge wasn't happy. "The conduct is abhorrent," said US district judge Charles Kocoras during this week's sentencing hearing in Illinois. "It's a very, very trying time that we live in." ® Sponsored: Continuous lifecycle London 2017 event.
DevOps, continuous delivery and containerisation. Register now
Spangenberg said that when the company got word of a pending police raid, it was standard practice to delete data and destroy equipment. "I would be called when governmental agencies raided Uber's offices due to concerns regarding noncompliance with governmental regulations," he said. "In those instances, Uber would lock down the office and immediately cut all connectivity so that law enforcement could not access Uber's information.
I would then be tasked with purchasing all new equipment for the office within the day." Uber did not respond to the allegations in the statement, citing a policy against commenting on active litigation.
The company did, however, provide The Register with a statement on the allegations made to the Center for Investigative Journalism. "It's absolutely untrue that 'all' or 'nearly all' employees have access to customer data, with or without approval.
And this is based on more than simply the 'honor system': we have built [an] entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs," Uber said. "This could include multiple steps of approval – by managers and the legal team – to ensure there is a legitimate business case for providing access." ® Sponsored: Want to know more about PAM? Visit The Register's hub
According to a new survey, about 40 percent of Americans would alongside giving up their favorite food.
To what lengths would you go to ensure online privacy?
According to a new survey, about 40 percent of Americans would refrain from sex and give up their favorite food to avoid cybersecurity headaches.
Password management firm Dashlane last week reported that nearly four in 10 people would sacrifice lovemaking for a year if in return they could stop worrying about being hacked, identity theft, or losing access to one or more of their online accounts.
Such drastic measures, however, are not necessary if simple password rules are followed—which, based on a continued stream of successful attacks, we clearly aren't all doing.
"The nature of online security has changed dramatically," Dashlane CEO Emmanuel Schalit said in a statement. "Five to 10 years ago, cybersecurity was about protecting devices with anti-virus software.
Today, data isn't on our devices, but in the cloud—and the best line of defense we have to protect this data are passwords."
"This survey data continues to highlight an unfortunate trend—even with breaches happening to everyone from companies and celebrities to consumers, people are continuing to engage in risky password behavior," Schalit said.
Folks continue to hand out passwords like Halloween candy: Dashlane's study suggests 45 percent of Americans have trusted someone, or been entrusted, with a password for email (23 percent) and streaming services (21 percent).
Netflix passwords, for example, are shared among family and friends; the company even acknowledges it happens.
But if any part of that password aligns with another an individual relies on to keep them safe elsewhere, distribution is a white flag of surrender to hackers looking to access personal information.
People are understandably more protective of passcodes linked to money. Passwords for online stores were shared much less often (14 percent), as is the case for banking logins including investment accounts and student loans (9 percent).
Insurance providers are the least shared (6 percent), which makes sense, because who wants to talk about insurance?
Based on responses from more than 2,000 US adults, the study also concluded that younger Americans (millennials aged 18 to 34 who grew up using the Internet) are more trusting and trusted than older generations (64 percent vs. 37 percent), and that married people are less likely to part with passwords (41 percent vs. 49 percent).
A quarter of those surveyed believe that sharing a social media password is more intimate than sex.
But copulation isn't the only forfeiture folks are willing to make: Four in 10 people would rather pass up their favorite food for a month than go through a password reset process.
For more, see PCMag's review of the Dashlane 4 password manager and the slideshow above.