Monday 17 January 2011

Facebook profile info used to hack into women's email accounts

Anyone who wonders whether some people give out too much information via social networking sites such as Facebook can look to this story and see that the answer is, at least sometimes, "yes." George Samuel Bronk, 23, used profile information from Facebook to hack into women's e-mail accounts, steal nude images of them, and even blackmail them.

Bronk used an obvious but clever method to hack into the women's accounts. Webmail services offer password recovery schemes that can be bypassed with information people post on their Facebook profiles, such as favorite foods, high-school mascots, favorite colors, and so on. Once he had collected that information from a profile, he would try to hack into the matching account. If he succeeded, he would change the password, locking out the original user, and that was just the beginning.

Bronk would then scan each woman's "Sent Messages" folder, looking for nude pictures or videos. If he found any, sometimes he would send the pictures to the woman's entire contact list, just for fun. At other times, he would blackmail the woman directly, telling her he would publish the pictures unless he received more nude pictures from her. One victim called it "virtual rape." He would sometimes even double-dip, emailing Facebook from the stolen account to get the Facebook password, then using that account for further mischief.

Late last week, Bronk pleaded guilty in Sacramento Superior Court to seven felony charges, including computer intrusion, impersonation and possession of child pornography. He faces up to six years in prison, and will return in March for sentencing.

Reportedly, he hacked into hundreds of accounts, with the women spread across 17 states and even in England.

This is obviously a cautionary tale. While it's probably not going to stop women from sending nude photos to their beaus (which might be a good idea), many Webmail sites allow custom password recovery questions. A user who creates a custom question, one whose answer they don't post on their Facebook profile, wouldn't run into this problem.

It's also possible to use the standard questions safely if you either don't post the answer to a social networking site, or give a made-up answer instead of the real one. At any rate, it's just another example of why you shouldn't share "everything" on the Internet.
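As an added illustration of the two pieces of advice above (not code from the article or from any Webmail provider), here is a small Python audit that checks a user's chosen recovery answers against the fields they have published on a social profile, and generates a random "faux response" to use instead. The profile fields, questions and answers are constructed sample data, and the matching is deliberately loose (case, punctuation and accents are ignored), since a recovery form will usually accept "Blue" for "blue".

```python
import secrets
import string
import unicodedata

# Constructed sample data: fields a user has made public on a social profile.
PUBLIC_PROFILE = {
    "favorite_color": "Blue",
    "high_school": "Lincoln High (Mascot: Tigers)",
    "favorite_food": "sushi",
    "hometown": "Sacramento",
}

# Constructed sample data: standard recovery questions and the answers the user chose.
RECOVERY_ANSWERS = {
    "What is your favorite color?": "blue",
    "What was your high-school mascot?": "tigers",
    "What is your favorite food?": "Pizza",
}


def normalize(text):
    """Lower-case, strip accents and punctuation, and collapse whitespace,
    so 'Blue!' and ' blue ' compare equal, as a lenient recovery form would treat them."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    cleaned = "".join(ch.lower() if ch.isalnum() or ch.isspace() else " " for ch in text)
    return " ".join(cleaned.split())


def profile_tokens(profile):
    """Every normalized profile value plus each individual word in it."""
    tokens = set()
    for value in profile.values():
        norm = normalize(value)
        tokens.add(norm)
        tokens.update(norm.split())
    return tokens


def audit_answers(answers, profile):
    """Return the questions whose answer can be read straight off the public profile."""
    tokens = profile_tokens(profile)
    exposed = []
    for question, answer in answers.items():
        norm = normalize(answer)
        if norm in tokens or any(word in tokens for word in norm.split()):
            exposed.append(question)
    return exposed


def random_answer(length=20):
    """A made-up answer nobody can infer from a profile; store it in a password manager."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for question in audit_answers(RECOVERY_ANSWERS, PUBLIC_PROFILE):
        print(f"EXPOSED: {question!r} -> replace with e.g. {random_answer()}")
```

Running the script flags the color and mascot questions, whose answers are visible on the profile, and leaves "Pizza" alone. The generated replacement is meant to be stored in a password manager, not memorized; the recovery answer then has the same strength as a password instead of the strength of a Facebook "About" page.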