Photobucket hackers face charges in US
Two men alleged to have developed an app enabling criminals to harvest personal data from users of photo-sharing site Photobucket have been arrested in the US.
The indictment against the pair includes a claim that they conspired to commit computer fraud.
The app allowed users to access password-protected accounts giving access to private photos.
It is not known how many Photobucket members were affected by the breach.
The app, whose name was an obscene pun on the name Photobucket, was marketed in 2012.
If found guilty, Brandon Bourret and Athanasios Andrianakis face a maximum penalty of five years in prison and a $250,000 (£161,000) fine for computer fraud.
They also face an extra prison sentence of up to 10 years and a further $250,000 fine if they are found guilty of two counts of access device fraud.
The evidence against them includes customer service messages to the users of the app and Paypal payments.
"We congratulate the Federal Bureau of Investigation and the United States Attorney's Office for their vigilant investigative work in identifying and bringing these perpetrators to justice.
"We will continue to support the government's work and our users through this ongoing criminal investigation," said Photobucket's chief technology officer Michael Clark.
Cybersecurity expert Prof Alan Woodward told the BBC the use of PayPal made the pair traceable.
"In such a case the law enforcement agencies just 'follow the money'," he said.
"If they had been using crypto-currencies it would have made life a lot more difficult for the law enforcement agencies."
Personal data is of great value on criminals, he added.
"A so-called Fulz (a full dossier of personal details) can sell for $15 (£10) on the black market.
"You can see that if this can be done at scale then it could be a lucrative undertaking."