
Yahoo Engineer Hacks 6k Accounts for Porn, But Gets No Jail Time


A former Yahoo engineer was sentenced to five years of probation and home confinement for hacking into the personal accounts of more than 6,000 Yahoo Mail users to search for sexually explicit images and videos.

Reyes Daniel Ruiz, 34, of Tracy, California, will only be allowed to leave his home for work, religious activities, medical appointments, or court-related obligations.

The judge also ordered Ruiz to pay a $5,000 fine and $118,456 in restitution to Yahoo (now Oath), according to court documents obtained by ZDNet.

Ruiz committed his crimes while working at Yahoo as a reliability engineer and in other roles between 2009 and July 2019.

Court documents say Reyes used his access to the Yahoo backend to obtain access to hashed passwords and then proceeded to crack the password strings to access Yahoo Mail accounts of younger women, including personal friends and work colleagues.

Once he gained access to the accounts, Ruiz searched for sexually explicit images and videos, which he downloaded and stored on a personal hard drive at home.

Investigators also said that Ruiz used the hacked Yahoo email accounts to compromise victim profiles at other third-party services where victims used the Yahoo email address to register accounts and store personal files. He is believed to have hacked an additional 100 accounts at services like Apple iCloud, Gmail, Hotmail, Dropbox, and Photobucket.

Ruiz’s hacking spree was detected by other Yahoo engineers in June 2018 and later reported to authorities. Ruiz also became aware that his intrusions were discovered by Yahoo’s staff on the same day, and destroyed his personal hard drive, according to court documents.

Ruiz stopped working at Yahoo in July 2018, and the FBI searched his home a month later, in August. Ruiz admitted to agents that he destroyed the hard drive.

He was formally charged a year later in April 2019 and pleaded guilty in September. He was initially scheduled for sentencing in February, but the hearing was delayed due to the coronavirus pandemic.

Because Ruiz destroyed his personal hard drive, US prosecutors said they managed to identify only 3,137 of the estimated 6,000 total victims.

The defendant received a lenient sentence due to his cooperation in the investigation and because he never published the images online.

Court documents say Ruiz collected around 2 TB of data, believed to be between 1,000 and 4,000 private images and videos.
