Two men were arrested last week for allegedly developing hacking software that steals user information and photos from the image-hosting website Photobucket, reports The Register.

Suspects Brandon Bourret of Colorado and Athanasios Andrianakis of California are said to have sold an application that enables criminals to access Photobucket users' private photos, videos and information. The two men face charges of computer fraud and abuse, identification document fraud, wire fraud and access device fraud, the latter of which could come with a sentence of up to ten years in federal prison and a $250k fine per count.

As noted by Engadget, a security flaw in Photobucket.com made it possible to search for pictures posted in private folders, all criminals needed to do was guess the photo's direct URL. The photo-stealing app by Bourret and Andrianakis is said to have acquired passwords for private photo albums and granted access to the photos inside.

“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protected privacy on the internet,” said U.S. Attorney Walsh. “The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft – and for the wanton harm they do to innocent internet users.”

Stolen photographs were also the subject of much controversy last year, after a number of celebrities fell victim to cybercriminals exploiting an iCloud vulnerability. ESET's senior security researcher Stephen Cobb says it's the criminals though, not the technology which is to blame: "Let’s put some of that anger and outrage into lobbying our government to take more decisive action against cybercrime and the people who perpetrate it,” he wrote.