A judge sentenced a Pennsylvania man tied to the so-called “Celebgate” scandal—in which nude pictures of celebrities like Jennifer Lawrence and Kate Upton were leaked to the Internet—to 18 months in federal prison on Wednesday.
Ryan Collins, 36, admitted earlier this year to deceiving approximately 100 entertainment industry figures into disclosing their log-in credentials for private Apple iCloud (aapl) and Google Gmail (googl) accounts. When the targets—most of whom are female celebrities—supplied the information, Collins was able to access their private photo galleries.
According to the Justice Department, C0llins “engaged in a sophisticated phishing scheme” between 2012 and September 2014, when the nude celebrity pictures began to circulate widely on the Internet. The 2014 incident was in the news again this month on the discovery that Ken Bone, the everyman icon from the Presidential debates, crassly boasted on Reddit about viewing Lawrence’s nude pictures.
Collins’ sentence came after he pled guilty to violating a federal statute that forbids obtaining information through unauthorized access to a protected computer. In some cases, the Justice Department said Collins used a software program to download the victims’ iCloud accounts.
Get Data Sheet, Fortune’s technology newsletter.
“The defendant intruded into the online accounts of hundreds of victims and in doing so, intruded upon their lives, causing lasting distress,” said Deirdre Fike, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “The prison sentence received by Mr. Collins is proof that hacking into the accounts of others and stealing private information or images is a crime with serious consequences.”
The agency’s investigation did not, however, turn up any evidence that Collins was responsible for distributing the photos to websites like 4Chan, where they were circulated. Meanwhile, the Justice Department this summer charged a second man, 28-year-old Edward Majerczyk of Illinois, with charges similar to those laid against Collins.
Collins’ hacking efforts, which involved at least 50 iCloud and 72 Gmail accounts, reinforce the need for consumers to be wary about disclosing their passwords—even when the request appears to come from a site like Google or Apple— and to deploy security measures like two-factor authentication.