Andrew Auernheimer, 27, was found guilty in a New Jersey court on one count of identity fraud and one count of conspiracy without authorization for his role in a 2010 security breach that exposed the email addresses and SIM ICC-ID numbers for 114,000 AT&T iPad users, Wired reports. Auernheimer and co-defendant Daniel Spitler extracted the data through a script — the site leaked e-mail addresses in response to ICC-IDs, and the script mimicked that behavior.
As The Verge notes, Auernheimer faces two consecutive five-year felony sentences for the verdict. AT&T representatives confirmed during testimony that Auernheimer did not crack any codes, steal passwords, or break into AT&T’s customer database, though he was found to have violated the 1986 Computer Fraud and Abuse Act.
Auernheimer tweeted that he would appeal the verdict. Spitler plead guilty to the charges last year and accepted a plea bargain.
