A Colorado Springs hacker who sold computer code that allowed people, including blackmailers, to scan Photobucket’s cache of 10 billion customer photographs and videos for nude and pornographic images and steal them was sentenced Tuesday to 29 months in prison.

Brandon Bourret, 41, was convicted in U.S. District Court in Denver of one count of conspiracy to commit computer fraud. He also was sentenced to three years of supervised release after prison.

“I don’t think you really understand what you did to other people,” Judge Wiley Daniel said shortly before sentencing Bourret. “You reveled in what you did.”

Bourret agreed to forfeit an extensive amount of computer hardware and the $49,153 in proceeds from sales of the application, named with a crude twist on the word Photobucket, to 1,739 customers. Daniel sentenced Bourret’s alleged accomplice, Athanasios Andrianakis, to probation that included 15 months of home detention. Daniel said the lesser sentence was offered to Andrianakis after a Photobucket employee testified that he had helped identify website vulnerabilities.

Bourret, who had a crew cut and was wearing a gray suit in court, said he broke out in a cold sweat and starting crying when FBI agents told him his clients had used his program to blackmail people and were sending the photos to victims’ family members and coworkers.

“Yes, seduced by money. I will not lie,” Bourret told the judge.

But Daniel said he found Bourret to be “glib.” The judge said he was not convinced Bourret was remorseful and said he seemed to blame everything on Andrianakis.

Denver-based Photobucket Corp. operates an image and video hosting website for 100 million users who store more than 10 billion photographs in public, private or password-protected photo albums, court records indicate.

Bourret sold the application, developed in 2006, under the online handle phatWares. The tool allowed his customers to gain illegal access to protected albums, according to a report that Bourret signed indicating it was factual.

In 2012, Bourret and Andrianakis developed the ability to find and copy, or “rip,” nude or sexually explicit images. They called security vulnerabilities “exploits” and pirated photographs “wins.”

They sold the software for $29.99, using PayPal to accept major credit cards.

The app allowed users to search for underage girls or someone of a specific race, or for a particular sexual activity. But at his sentencing Bourret said his software was not intended only to dredge up nude pictures; he had hoped law enforcement might use it.

Computer logs indicated that Bourret used his own software 18,557 times between June 18, 2012, and July 1, 2014, when FBI agents raided his home. He had at least 722 Photobucket account names with the account holder’s guest password. He admitted that his customers accessed the accounts of 1.9 million people or about 2 percent of their clientele.

Among the victims was a woman identified only be the initial K, said prosecutor David Tonini. In her victim impact statement, K wrote: “‘This will never go away.'”

She wrote that perverts were trading her images on the web and that those images will be circulated on the internet forever.

“It will impact her for the rest of her life,” Tonini said. “It’s heart wrenching to hear from these women.”

Bourret advertised on a website called Skch.me, using nude pictures pirated from Photobucket.

“Welcome to Skch.me, where you can find photos exposed, amateur girls, amateur sex videos and more!” Bourret’s ads said. “Rip ALL private albums by YOURSELF!”

One of his customers, who identified himself as “pinkmeth,” was blackmailing people with the private photographs and videos. One “exploit” made it dangerously easy to get someone’s e-mail.

“I honestly hope PB (Photobucket) patches that one soon so the blackmailers and white knights don’t set about ruining lives and ruining wins,” Bourret wrote to a customer.

Another man who bought the app was an admitted pornography addict who called himself “Mr. Herb” and used the software to track down nude pictures of women he had attended school with, Tonini said.

Photobucket officials learned about Bourret’s software in February 2013. Bourret was flooded with “takedown” requests from people whose private images were hosted without their permission.

Photobucket fixed the breach three times in May 2013, but Bourret simply released new “exploits.”

At one point Bourret boasted in an e-mail about how many identities of private Photobucket users he could discover.

“Doesn’t matter if it’s hundreds of IDs or hundreds of thousands of IDs,” he wrote, “I can handle it.”