IE 11 is not supported. For an optimal experience visit our site on another browser.

Oregon Hacker Admits Stealing Celebrities' Nude Photos

The hacker tricked victims into sharing their email login credentials, which he used to steal their photos, authorities say.
Cyber Attacks
Cyber Attack CrimeBill Hinton / Moment Editorial/Getty Images
By Andrew Blankstein and Jon Schuppe

An Oregon hacker has admitted tricking dozens of people, including several celebrities, into giving up their email passwords, which he then used to steal all sorts of data, including nude and sexually explicit photos, federal authorities announced Friday.

Authorities didn't name the victims, or say what the 29-year-old hacker, Andrew Helton, did with the compromising photos. But authorities say they didn't appear to have been shared publicly.

"We have no evidence that these photos were posted online," Thom Mrozek, spokesman for the U.S. Attorney's Office in Los Angeles, told NBC News. "We also have no evidence that he attempted to sell them."

Helton faces up to five years in prison when he is sentenced June 2 in Los Angeles for unauthorized access to a protected computer. His lawyer said he declined to comment.

The case does not appear related to the "Celebgate" hack that resulted in last summer's posting of almost 500 purported photos of Hollywood stars, models and other celebrities — including Jennifer Lawrence, Kate Upton and U.S. soccer star Hope Solo — to an Internet forum, where they were widely downloaded.

Helton's technique was a classic "phishing" scheme, in which he sent emails to victims from an account that appeared to be from Apple or Google, according to the U.S. Attorney's Office in Los Angeles. His emails asked the victims — many of whom were members of the L.A. entertainment industry — to verify their accounts by clicking on a link, which sent them to a malevolent websites designed to look like they were legitimate Apple or Google login pages. Instead of logging in, the victims unwittingly handed over their credentials to Helton.

Read More: Naked Celebrity Photo Hack: Apple Says No iCloud Breach

The theft, which went on from about March 2011 to May 2013, netted Helton usernames and passwords for about 363 email accounts. Those allowed him to peruse victims' personal data, and he took 161 sexually explicit, nude or partially nude images of 13 of those victims, some of whom were celebrities, according to court documents.

Authorities were tipped to the scam by Apple, Mrozek said. Investigators then told the 13 victims that their photos had been stolen.

Andrew Blankstein

Andrew Blankstein is an investigative reporter for NBC News. He covers the Western U.S., specializing in crime, courts and homeland security. 

Jon Schuppe

Jon Schuppe is an enterprise reporter for NBC News, based in New York.