"Celebgate" Nude Photo Hack Breached Nearly 600 Accounts, FBI Says; Investigation Leads to Chicago

Privacy breach involving Jennifer Lawrence, Kate Upton, Kirsten Dunst and more female celebrities might have been more expansive than initially thought

By Rebecca Macatee Jun 10, 2015 1:37 PMTags
Jennifer LawrenceRyan Turgeon / Splash News

The 2014 leak of hacked celebrity nudes might be more expansive than we initially thought.

According to unsealed federal court documents obtained by NBC News, nearly 600 online storage accounts could have been breached. Upon the initial Labor Day weekend leak of private photos belonging to Jennifer Lawrence, Kate Upton, Kirsten Dunst, Kaley Cuoco-Sweeting and more female stars, the FBI's Cybercrimes Unit launched an investigation.

As early as October, the investigation led authorities to an address on the South Side of Chicago, the FBI said in a recently unsealed search warrant affidavit obtained by NBC News. Using phone records and IP data, investigators found that the compromised celebrity accounts had been accessed by a computer linked to two email addresses belonging to Emilio Herrera.

Herrera, 30, was not named as a suspect in the FBI affidavit. Per NBC News, "IP and email addresses can be masked or spoofed through a variety of technologies, and Internet data can be routed through third-party computers without their owners' knowledge using any of a number of software packages." So again, while Herrera is identified in the documents, this does not necessarily mean he is considered a suspect.

Investigators got a warrant to search Herrera's home, but it's unknown at this time what was found. In obtaining the warrant, though, the FBI revealed that nearly 2,500 iCloud accounts were targeted. According to the affidavit, the computer address linked to two email accounts belonging to Herrera was successfully used to access 572 accounts, each an average of about six times; the computer address was used in nearly 5,000 attempts to reset 1,987 other iCloud passwords. This seemingly supports Apple's initial statement that the hacking was the result of a targeted attack on usernames, passwords and security questions—and not a fault in iCloud's security settings.

"A number of them were accounts of celebrities who had photos leaked online," the affidavit states, and most of the unpublished hacked photos belonged to "celebrities, models or their friends and families."

The investigation remains ongoing.