In February this year, Andrew Helton pleaded guilty to stealing 161 photos from 13 people after a two year “phishing” campaign to obtain user credentials, according to The L.A. Times. The sentence was handed down by District Judge John A. Kronstadt on Thursday.
The precise details of the technique used by Helton were not disclosed, although prosecutors said the victims received account verification emails that appeared to be from Apple and Google. The messages apparently included a link to a website posing as a legitimate login portal. From 2011 until he was arrested in 2013, Helton used his scheme to obtain login and password details for 363 email accounts, including many celebrities.
U.S. Attorney Stephanie S. Christensen said the hacker targeted strangers, acquaintances and celebrities, with the intention of obtaining nude images for personal use. However, none of the images are said to have ever made it into the public domain.
Helton said he regrets his actions, saying that a bipolar disorder triggered his phishing attack. Court documents revealed that Helton has been in treatment for the disorder since he was arrested.
Helton’s case came before the very high profile iCloud and Google account hacking incident known as “Celebgate”, due to the leak of nude photos from celebrities such as Jennifer Lawrence and Kate Upton.