A hacker who stole nude photos from celebrities’ computers and then posted them online pleaded guilty today to a felony violation of the Computer Fraud and Abuse Act. He faces up to five years in federal prison.

Andrew Helton had engaged in a two-year phishing scheme and obtained 448 usernames and passwords from 363 email accounts. Many of Helton’s victims were members of the entertainment industry in Los Angeles. By illegally accessing the email accounts, HImage (1) fbi-logo__130515025847-275x206.jpg for post 499687elton obtained 161 sexually explicit, nude or partially nude images of about a dozen victims, some of whom were celebrities.

“This insidious crime has distressed scores of average individuals, as well as celebrity victims,” said David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “The FBI is committed to holding accountable those who illegally intrude upon the cyber landscape, and to educating consumers about strengthening passwords and employing two-factor authentication, among other safeguards.”

According to his plea deal, Helton engaged in a phishing scheme from March Hacker illustration2011 to May 2013 to obtain usernames and passwords. He sent emails to victims that appeared to be from Apple or Google asking them to “verify” their accounts by clicking on a link. Once the victims clicked on the link, they were taken to a malicious website that looked like an Apple or Google login page. When the victims entered usernames and passwords there, Helton then had access to their email accounts.

Helton, 29, of Portland, OR, will have a sentencing hearing June 2. The U.S. Attorney’s office declined to reveal the names of the celebrities whose email accounts were hacked, but Assistant U.S. Attorney Stephanie Christensen said that Helton was not the hacker involved in a similar crime, known as the Fappening, which is still under investigation.