DOJ Prosecutions of the 2014 Celebrity Photo-Hack ('Fappening') Phishers

The September 2014 leak of stolen private nude photos of dozens of female celebrities — commonly called 'Celebgate' or 'The Fappening' — was distributed at scale on Reddit, where r/TheFappening became the central hub before Reddit banned it. The underlying intrusions were not a single iCloud 'hack' but a series of phishing schemes in which the perpetrators impersonated Apple and Google security teams to trick victims into surrendering their account credentials. The U.S. Department of Justice pursued the phishers under the Computer Fraud and Abuse Act for unauthorized access to protected computers.

Ryan Collins of Lancaster, Pennsylvania, pleaded guilty in 2016 after a phishing campaign that accessed at least 50 iCloud and 72 Gmail accounts, mostly belonging to female celebrities; he was sentenced to 18 months in federal prison. Edward Majerczyk of Chicago was sentenced in January 2017 to 9 months plus restitution for a scheme that compromised more than 300 accounts. George Garofano of Connecticut was sentenced in August 2018 to 8 months for phishing more than 200 Apple iCloud accounts. Emilio Herrera of Chicago was also charged in the same investigation.

Notably, prosecutors stated they had not found evidence directly linking any of these defendants to the public posting of the images. The cases established that the breaches were credential-phishing crimes rather than a flaw in Apple's systems, and they remain among the most prominent CFAA prosecutions tied to NCII, even as Reddit served as the primary distribution venue for the stolen material.