Three years after one of the most prominent hacks in recent memory unfolded on Twitter, one of the responsible hackers is now facing federal prison time. Joseph James O’Connor, a 24-year-old UK citizen, was sentenced to five years in a New York federal court on Friday. In May, O’Connor pleaded guilty to four counts, including computer hacking, wire fraud, and cyberstalking. As part of his plea deal, he agreed to forfeit at least $794,000 to the victims of his crimes.

O’Connor, who was extradited from Spain earlier this year, has been in custody since then. During the hearing, Judge Jed S. Rakoff noted that O’Connor would likely serve around half of his sentence after spending more than two years in pre-trial custody. Prosecutors from the Justice Department had called for O’Connor to serve at least seven years in prison. The maximum sentence he faced was 77 years.

In court, O’Connor described his actions as “stupid and pointless” and offered an apology to his victims, asking for leniency from the judge. Prosecutors detailed O’Connor’s malicious activities, which included conducting a SIM swap attack, hacking Twitter accounts of high-profile individuals, and cyberstalking victims, including a minor.

O’Connor, who used the online handle PlugWalkJoe, was part of a group that orchestrated the breach of numerous notable Twitter accounts in July 2020. These accounts included those of Apple, Binance, Bill Gates, Joe Biden, and Elon Musk. The hackers leveraged their access to spread cryptocurrency scams. Twitter temporarily blocked users from posting as it grappled with the intrusion, leaving millions of users witnessing the cryptocurrency scams flooding their timelines.

Following the breach, Twitter faced scrutiny for its cybersecurity protections. A subsequent investigation by New York’s Department of Financial Services revealed that the hackers posed as Twitter IT staff to gain unauthorized access. They then hijacked the accounts of politicians, celebrities, and entrepreneurs to promote “double your bitcoin” scams, resulting in approximately $120,000 in illicit gains.

The incident prompted Twitter to enhance its cybersecurity measures, including the introduction of hardware security keys for employees to prevent future phishing attempts. However, two years later, more damning revelations emerged. Peiter “Mudge” Zatko, Twitter’s former head of security, described the hackers’ access as achieving “god mode,” enabling them to impersonate tweets from any account. In a whistleblower complaint filed in 2022, Zatko accused Twitter of cybersecurity failures, referring to the incident as “the largest hack of a social media platform in history.”

When approached for comment, Twitter responded with an auto-reply featuring a poop emoji, maintaining its practice since Elon Musk’s acquisition of the company.

Three years after one of the most prominent hacks in recent memory unfolded on Twitter, one of the responsible hackers is now facing federal prison time. Joseph James O’Connor, a 24-year-old UK citizen, was sentenced to five years in a New York federal court on Friday. In May, O’Connor pleaded guilty to four counts, including computer hacking, wire fraud, and cyberstalking. As part of his plea deal, he agreed to forfeit at least $794,000 to the victims of his crimes.

O’Connor, who was extradited from Spain earlier this year, has been in custody since then. During the hearing, Judge Jed S. Rakoff noted that O’Connor would likely serve around half of his sentence after spending more than two years in pre-trial custody. Prosecutors from the Justice Department had called for O’Connor to serve at least seven years in prison. The maximum sentence he faced was 77 years.

In court, O’Connor described his actions as “stupid and pointless” and offered an apology to his victims, asking for leniency from the judge. Prosecutors detailed O’Connor’s malicious activities, which included conducting a SIM swap attack, hacking Twitter accounts of high-profile individuals, and cyberstalking victims, including a minor.

O’Connor, who used the online handle PlugWalkJoe, was part of a group that orchestrated the breach of numerous notable Twitter accounts in July 2020. These accounts included those of Apple, Binance, Bill Gates, Joe Biden, and Elon Musk. The hackers leveraged their access to spread cryptocurrency scams. Twitter temporarily blocked users from posting as it grappled with the intrusion, leaving millions of users witnessing the cryptocurrency scams flooding their timelines.

Following the breach, Twitter faced scrutiny for its cybersecurity protections. A subsequent investigation by New York’s Department of Financial Services revealed that the hackers posed as Twitter IT staff to gain unauthorized access. They then hijacked the accounts of politicians, celebrities, and entrepreneurs to promote “double your bitcoin” scams, resulting in approximately $120,000 in illicit gains.

The incident prompted Twitter to enhance its cybersecurity measures, including the introduction of hardware security keys for employees to prevent future phishing attempts. However, two years later, more damning revelations emerged. Peiter “Mudge” Zatko, Twitter’s former head of security, described the hackers’ access as achieving “god mode,” enabling them to impersonate tweets from any account. In a whistleblower complaint filed in 2022, Zatko accused Twitter of cybersecurity failures, referring to the incident as “the largest hack of a social media platform in history.”

When approached for comment, Twitter responded with an auto-reply featuring a poop emoji, maintaining its practice since Elon Musk’s acquisition of the company.