Don't miss the latest stories
Fake Apple Employee Steals Nearly 630K Photos & Videos From iCloud Accounts
By Mikelle Leow, 27 Aug 2021
Subscribe to newsletter
Like us on Facebook
Photo ID 216546756 © Seemanta Dutta | Dreamstime.com
A Los Angeles man was charged for conning Apple customers and stealing 620,000 photos and 9,000 videos from iCloud accounts. Posing as an Apple support employee, he accessed 4,700 accounts and obtained sensitive photos of 306 users from the US, the majority of them being young women, the FBI estimates.
Hao Kuo Chi, a 40-year-old man from La Puente who goes by the name of David, has pleaded guilty to four counts, including computer fraud and conspiracy. He faces five years in prison.
Under the moniker “icloudripper4you,” Chi had advertised his services to break into others’ iCloud accounts for a fee, the Los Angeles Times reports.
He would then begin the so-called “hack” by sending out emails—under the Gmail addresses “applebackupicloud” and “backupagenticloud”—to dupe unwitting Apple users into sharing their iCloud usernames and passwords.
The FBI found 500,000 emails in the two Gmail accounts Chi had used, with 4,700 exchanges containing iCloud login information that victims had volunteered to him.
With the victims giving up their iCloud credentials, Chi was able to get into accounts without actually “hacking” them. He then pilfered 620,000 photos and 9,000 videos and uploaded them in a Dropbox account, sorting images by whether they were nudes of women he deemed attractive—which he’d label as “wins.”
Chi would send a Dropbox link to those who hired his services.
His downfall came after a celebrity’s private photos were posted on an adult content website in 2018, and the subject recruited an agency to have the images taken down. The firm traced the pictures to Chi’s house and got law enforcement involved, an FBI raid found mounting evidence against the man.
The fact that Chi was able to get thousands of login credentials without hacking is alarming. Take this as a precautionary tale and a reminder to always check the email address of anyone claiming to represent a company. Legitimate Apple email addresses end with @apple.com and @icloud.com, for instance.
“Never share your Apple ID password or verification codes with anyone,” the company warns. “Apple never asks for this information to provide support.”
[via Light Stalking and DIY Photography, cover photo ID 216546756 © Seemanta Dutta | Dreamstime.com]
Receive interesting stories like this one in your inbox
Also check out these recent news