The US Department of Justice (DOJ) announced that Joseph James O’Connor, aka PlugwalkJoe, 23, a UK citizen, pleaded guilty in New York to his role in cyberstalking and multiple computer hacking schemes, including the July 2020 hack of Twitter. He was extradited from Spain on April 26. According to court documents, between 2019 and 2020, O’Connor participated in various crimes associated with the exploitation of social media accounts, online extortion, and cyberstalking.
In July 2020, Joseph James O’Connor participated in a conspiracy to gain unauthorized access to accounts on social media platforms Twitter, TickTok, and Snapchat. He and his co-conspirators used social engineering techniques to obtain unauthorized access to these accounts. In some instances, the co-conspirators took control themselves and used that control to launch a scheme to defraud other Twitter users. In other instances, the co-conspirators sold access to Twitter accounts to others.
A number of Twitter accounts targeted by O’Connor were subsequently transferred away from their rightful owners. O’Connor agreed to purchase unauthorized access to one Twitter account for $10,000.
O’Connor also accessed one of the most highly visible TikTok accounts in August 2020, which was associated with a public figure with millions of followers. O’Connor used his unauthorized access to post self-promotional messages, including a video in which O’Connor’s voice is recognizable.
O’Connor also targeted another public figure in June 2019. O’Connor and his co-conspirators obtained unauthorized access to Victim-2’s account on Snapchat and obtained sensitive materials, including private images. O’Connor sent copies of these sensitive materials to his co-conspirators. O’Connor and his co-conspirators also reached out to their victim. They threatened to publicly release the stolen sensitive materials unless the victim agreed to publicly post messages related to O’Connor’s online persona, among other things.