A 41-year-old Colorado hacker was sentenced Tuesday to 29 months in prison for selling code enabling blackmailers and others to scan Photobucket’s 10 billion images. Some of those images are of nude Photobucket customers who thought their content was stored privately.
Photobucket is an image and video hosting service with as many as 100 million users who keep their content in either public or private accounts. The company is headquartered in Denver.
“I don’t think you really understand what you did to other people,” US District Judge Wiley Y Daniel said before sentencing defendant Brandon Bourret. “You reveled in what you did.”
“Yes, seduced by money. I will not lie,” Bourret told the judge.
The defendant, who was indicted (PDF) with another man in May of last year and pleaded guilty (PDF) to hacking charges in April, also forfeited more than $49,000 in proceeds from the sale of the $30 application called “PhotoFucket.” The app gained much attention on the Internet. According to the government, PhotoFucket allowed users to bypass Photobucket’s privacy settings and “access and copy users private and password protected information, images, and videos without consent.” Bourret was accused of selling the app to at least 1,739 customers who accessed the accounts of nearly 2 million people.
A co-defendant, Athanasios Andrianakis, of Sunnyvale, was handed 15 months of home detention. His term is more lenient because he helped Photobucket shore up its vulnerabilities, which Photobucket had fixed three times.
The app, which caused great embarrassment for an untold number of people, was advertised on Skch.me, complete with nude pictures purloined from Photobucket.
“Welcome to Skch.me, where you can find photos exposed, amateur girls, amateur sex videos and more!” the ads said. “Rip ALL private albums by YOURSELF!”