Apple’s cloud storage service, iCloud, has been the subject of private data leaks before. In another similar incident, a scammer illegally obtained access to about 620K private photos and videos by conning the victims into sharing their credentials with him.
Among his 300+ victims across the United States, a majority were reportedly young women. Besides stealing confidential media, the Californian scammer also shared certain data with his co-conspirators online.
Interestingly, this iCloud leak didn’t involve any hacking or breaching of Apple’s online security. We have seen previous iCloud leaks, commonly dubbed as The Fappening after the first attack of such kind happened in 2014, that compromised the privacy of several high-profile celebrities.
How The iCloud Leak Took Place
Hao Kuo Chi, a 40-year-old man from La Puente, California, was behind the iCloud scam, reports Los Angeles Times. Also known by his alias “David,” Chi sent forged customer support emails to his targets and tricked them into sharing their Apple ID and password. He then used the credentials to log in and download their personal data illegally.
Chi didn’t stop there and also offered his scamming services to people online under the username “icloudripper4you.” According to the report, close to 200 of the accounts he hacked were at the request of his online customers. He would send them a Dropbox link which gave access to the victim’s stolen data, explained FBI agent Anthony Bossone.
For carrying out the scam, Chi maintained two Gmail accounts under the names “applebackupicloud” and “backupagenticloud.” The FBI reports that these accounts had over 500K emails combined which contained 4.7K iCloud account login details.
Moreover, the iCloud scammer revealed he was in contact with unidentified co-conspirators whom he messaged using an encrypted mail service. The culprits would skim through stolen iCloud media and share victims’ nude pictures and videos among them. When asked about his partners, Chi stated, “I don’t even know who was involved.”
How The iCloud Scam Bust Happened And Its Possible Aftermath
The investigation on the case started in March 2018, after a California-based privacy firm informed an anonymous celebrity about the individual’s nude pictures making rounds on the internet. Eventually, the investigators deduced that the culprit stole these pictures from the victim’s iCloud. A suspicious login record helped the authorities zero in on Chi’s location, after which they captured him.
Now, Chi has pleaded guilty to four felonies, including conspiracy and gaining unauthorized access to a protected computer. This could land him in jail for up to five years for each crime.
The conman reportedly admitted in a phone call that he feared the exposure of his crime would ruin his life. Further, he added, “I’m remorseful for what I did, but I have a family.” Hopefully, potential cyber criminals realize this way before the thought of committing a crime crosses their minds.
As for the iCloud users, it’s high time to follow Apple’s advice and enable two-factor authentication to increase the security of their accounts.