This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records.
A legitimate presenting security researcher who has reported multiple vulnerabilities to Apple has been charged with allegedly breaking into a system connected to Apple’s backend, and then using that access to defraud the tech giant out of $2.5 million worth of gift cards and electronics, according to recently unsealed court records. Staggeringly, Apple explicitly thanked the defendant, Noah Roskin-Frazee, in a security update on January 22, nearly two weeks after he was arrested. An alleged co-conspirator was also charged.
“During the course of the scheme, the defendant and co-conspirators attempted to fraudulently obtain over $3 million in Company A [Apple] products and services through more than two dozen fraudulent orders,” the indictment reads. For the orders that did complete, the defendants obtained around $2.5 million in electronic gift cards and more than $100,000 in “products and services,” it adds. Many of these gift cards and products were then resold to third parties, the indictment says.