George Garofano was sentenced to eight months in prison on Wednesday after he pleaded guilty to hacking 240 iCloud accounts and taking part in a campaign known as “Celebgate” that resulted in the posting of nude photographs of female celebrities online.
Garofano, 26, faced up to five years in prison. Earlier this month, he expressed remorse and asked the judge for a shorter sentence. The defendant’s lawyer emphasized that he was not the mastermind behind the scheme and that he had matured since the wrongdoing, committed when he was 21 years old.
Prosecutors asked for a sentence of 10 to 16 months. Garofano, who will surrender in October, will face supervised release for three years after the prison stint is over.
“Garofano used the usernames and passwords to illegally access his victims’ iCloud accounts, which allowed him to steal personal information, including sensitive and private photographs and videos, according to his plea agreement,” according to a Department of Justice statement earlier this year. “In some instances, Garofano traded the usernames and passwords, as well as the materials he stole from the victims, with other individuals.”
This sentencing concludes what appears to be the final Celebgate court case. Garofano is one of four men charged by authorities for participating in the scheme. Emilio Herrera, 32, pleaded guilty last year and was sentenced this year to 16 months in prison for illegally accessing over 550 iCloud accounts. Edward Majerczyk, 28, pleaded guilty in 2016 and was sentenced to a nine-month prison term last year. Ryan Collins, 36, pleaded guilty and was sentenced to 18 months in 2017.
The hackers carried out a phishing campaign from April 2013 to October 2014 in which the group pretended to be Apple asking victims to share usernames and passwords. With the stolen credentials, the group released nude photos that quickly spread to popular websites including Reddit and 4chan.
Given the high profile of the victims and the rapid spread of the nude photos, the incident quickly turned into a significant scandal. One result was Apple encouraging users to turn on two-factor authentication to defend against phishing schemes as well as alerts whenever anyone changes a password, accesses data or logs in from a new device.