The Celebgate incident saw the nude selfies of many female celebrities, such as Jennifer Lawrence, widely shared online. The victims’ photos had been backed up to the cloud storage accounts associated with their smartphones, and someone had gotten into those accounts and stolen the shots.

Ryan Collins of Lancaster has now been charged with computer hacking, with a recommended prison term of 18 months. According to a Justice Department statement, he pled guilty to a felony violation of the Computer Fraud and Abuse Act.

Get Data Sheet, Fortune’s technology newsletter.

Collins accessed at least 50 iCloud accounts and 72 Gmail accounts.

It’s not entirely clear whether Collins was the one who leaked or shared the Celebgate photos themselves, as investigators could find no evidence that this was the case.

However, he was caught as part of the probe into that incident. In 2014, he had used standard phishing techniques on his victims, sending them emails that purported to come from Apple(AAPL) or Google(GOOG), in order to get them to divulge their usernames and passwords.

For more on cybersecurity, watch:

“After illegally accessing the e-mail accounts, Collins obtained personal information including nude photographs and videos, according to his plea agreement,” the statement read. “In some instances, Collins would use a software program to download the entire contents of the victims’ Apple iCloud backups.”

How can people protect themselves from this kind of violation? It’s hard to argue with the recommendation of the FBI’s David Bowdich in that statement: “[We] strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”