Took place in mid-2014, in the incident, anonymous hackers flooded the Internet with private photographs of major celebrities, including Jennifer Lawrence, Kim Kardashian, Kate Upton and Kirsten Dunst.
The Fappening was the result of the hack of thousands of Apple's iCloud accounts, including those belonging to Hollywood actresses, models and major celebrities.
Main Culprit Behind The Fappening
However, now two years later, new court documents reveal the name of the FBI's top suspected hacker: Ed Majerczyk.
In October of 2014, the Federal Bureau of Investigation (FBI) raided the home of Ed Majerczyk, a Chicago man believed to be the chief culprit behind a series of 2014 leaked celebrity photos that came to be known as 'The Fappening' or 'Celebgate'.
The man allegedly suspected of illegally accessing iCloud accounts from his home in Chicago. Also, the FBI found some sexual photographs lifted from Jennifer Lawrence, among his alleged social engineering exploits, according to court documents obtained by Gawker.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Here's How The Fappening Happened
Majerczyk's name came up after the federal agents raided the Chicago home of Emilio Herrera, who was alleged to have breached thousands of Apple's iCloud accounts, including more than 100 celebrity victims.
The court documents [PDF] show Majerczyk inevitably gained access to victim's iCloud accounts after posing as an "Apple Technical Assistant" employee, resulting in the stealing of the photos of very famous actresses and subsequently leaking them to the Internet.
"The FBI says Majerczyk, through a series of bogus email accounts like 'firstname.lastname@example.org' created a phishing dragnet that duped very famous victims into providing him with their passwords through some pretty elementary tricks…," Gawker reported.
How Did Jennifer Lawrence Hack?
Lawrence – who called the leak a "sex crime" – lost access to her iCloud account and then received a fake support email from email@example.com. The message reads as follows:
"Your Apple ID was used to login into iCloud from an unrecognized device on Wednesday, August 20th, 2014. Operating System: iOS 5.4 Location: Moscow, Russia (IP=220.127.116.11) If this was you please disregard this message. If this wasn't you for your protection, we recommend you change your password immediately. In order to make sure it is you changing the password, we have given you a one-time passcode, 0184737, to use when resetting your password at https://applesecurity.serveuser.com/. We apologize for the inconvenience and any concerns about your privacy. Apple Privacy Protection."
Lawrence then forwarded the phishing email to her assistant that could have given the hacker full access to her iCloud account.
The court documents show that Majerczyk used the combination of deceptive web domains and fake security warnings appear as if they originated from Apple in order to gain access to other Hollywood stars iCloud accounts.
According to the FBI, Majerczyk breached 330 unique iCloud accounts from his home a total of over 600 times in 2014. And once breached, Majerczyk downloaded the entirety of a victim's iPhone camera roll and uploaded it on 4chan.
A report by the Sun-Times notes that the overwhelming majority of the victim's iCloud accounts accessed by Majerczyk were from outside of Illinois.
The FBI investigation is ongoing. So let's wait and watch what comes next.