Susan Atrach of Ridgefield Park was charged Thursday with 11 felony counts—five counts of identity theft, five counts of accessing and using computer data to commit fraud or illegally obtain money, property or data, and one count of accessing computer data without permission.
According to the prosecutors, Atrach allegedly hacked into email accounts belonging to Gomez and one of her associates several times between June 2015 and February 2016, the Los Angeles County District Attorney's office said in a press release. She then obtained images and other media stored there and shared them with her friends and posted them online.
Gomez, who has more than 138 million followers on Instagram, was the victim of a hacking attack in August 2017, when nude photographs of her ex-boyfriend Justin Bieber were posted to her Instagram account.
However, it is not immediately clear if those photos were also the subject of the criminal charges against Atrach.
According to LA Times, Atrach believed to have broken into Apple iCloud and Yahoo email accounts used by Gomez and her personal assistant, by using the publicly-available information to answer the singer's "secret questions."
She then reportedly stole digital information, including nude photos of Justin Bieber that were taken as Gomez and Bieber vacationed in Bora Bora in 2015, and made them online.
Atrach is scheduled to be arraigned in Los Angeles Superior Court by August 27. If convicted, Atrach could face up to nine years and eight months in prison.
Neither Gomez nor any of her representatives have made a comment on the case.
It seems like celebrities are not taking the security of their online accounts seriously, as anyone could find the answers to celebrities’ security questions among hundreds of pieces of information about the celebrities readily available on the Internet.
In past, hackers managed to breach the iCloud accounts of a hundreds of singers and actresses, including Jennifer Lawrence, Kate Upton, Miley Cyrus, and Kim Kardashian, extract nude photos and videos and then post them online—the incident very well known the Fappening.
So, lesson learned—always choose strong and unique passwords for all your online accounts and enable two-factor authentication, if available, so that even if the hackers know your password, they can not get into your account.
Moreover, do not keep easy-to-guess answers to your security questions, use one that only you knows, and nobody else.
Since such hacks are usually conducted using social engineering tricks, you are advised to avoid clicking on any suspicious link or attachment you receive via an email or message and avoid providing your personal or financial information without verifying the source properly.