Andrew Auernheimer has been convicted of unauthorized access and stealing the data of iPad users on carrier AT&T's 3G network.
Convicted on Tuesday in a Newark, New Jersey court, the 27 year-old New Yorker was found guilty of one count of "conspiracy to access the servers without permission", as well as one count of identity theft, according to Reuters.
A co-defendant, Daniel Spitler, plead guilty to the same charges and awaits sentencing.
The hackers face potentially five years in prison and a $250,000 fine on each count after allegedly stealing iPad user's email addresses and unique identifier codes -- used to connect the devices to the carrier's 3G network -- after exploiting a security flaw in AT&T's website in 2010.
Auernheimer and Spitler were arrested and charged in January 2011. Using a script called an account slurper, Auernheimer and Spitler were able to forcefully harvest at least 100,000 iPad users' data through matching email addresses with credit card identifiers. However, after the hack, AT&T removed the feature which allowed email addresses to be obtained.
Auernheimer appears rather upbeat about the verdict, tweeting to his followers:
The news agency reports that Tor Ekeland, a lawyer for Auernheimer said his client is currently free on bail, and will appeal the verdict in a Philadelphia court.
"We disagree with the prosecutors' interpretation of what constitutes unauthorized access to a computer under the Computer Fraud and Abuse Act," Ekeland said.
In a 2010 interview with sister site CNET, Auernheimer admitted to the data breach, but said it was done in order to warn AT&T of the security flaw and protect customers in the long run.