Reyes Daniel Ruiz plead guilty in federal court in San Jose, CA to hacking into the accounts of nearly six thousands of Yahoo user’s in search of private and personal records, primarily looking for sexual images and videos of the account holders, announced United States Attorney David L. Anderson and Federal Bureau of Investigation Special Agent in Charge John F. Bennett.
Ruiz, a former Yahoo software engineer, admitted to using gaining access to these accounts through his work at the company hacking into thousands of Yahoo accounts. Ruiz cracked user passwords and accessed internal systems to compromise the accounts. Ruiz admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues. He admitted to making copies of images and videos that he found in the personal accounts without permission, and stored the data at his home on a hard drive.
With access to the Yahoo accounts, Ruiz also compromised most of the linked accounts such as Facebook, Gmail, DropBox, iCloud and other online accounts in search of more private images and videos. He did this by requesting password resets on the third-party sites, which he received inside the victim’s Yahoo! inboxes. Ruiz then continued his search of personal, mostly sexual, images and videos on these new accounts. Once his employer noticed the suspicious account activity, he destroyed the computer and the hard drive.
Ruiz was indicted by a federal grand jury on April 4th 2109 and charged with one count of computer intrusion and one count of interception of a wire communication.
However, under the plea agreement, Ruiz has pledged guilty to a single count of computer intrusion, for which he could face up to five years in prison and a $250,000 restitution fine for his victims. He is currently on release on a $200,000 bond as he awaits his sentence hearing on February of next year.
This bizarre yet true story should serve as an example to implore employers to investigate if their current security policies in the company are up-to-date and does the organization have advanced monitoring procedures in place. We can’t stress enough the importance of hiring the right people. Hiring and maintaining a core team built of qualified and ethical employees, as well as maintaining proper security procedures, makes it is possible for a business to avoid scenarios such as this story from Yahoo!