A former Yahoo! software engineer, who spent more than a decade working for the internet giant, has pleaded guilty on Monday 30 September 2019 to accessing thousands of email accounts belonging to Yahoo! customers while in search of sexually explicit images and videos.
Reyes Daniel Ruiz, the 34-year-old resident of Tracy, California, confessed to abusing his company access rights, accessing internal systems and “cracking” passwords, according to a statement released by the U.S Attorney’s office in Northern California.
During May and June 2018, Ruiz accessed over 6,000 accounts, hunting for nude photos and videos. His primary targets were young women, including work colleagues and friends.
Not satisfied by just the email accounts, Ruiz used the stolen credentials to access many of the hacked users’ other online accounts. These included DropBox, iCloud, Facebook and Gmail, all in search of smutty material.
The material he found was then copied to his computer at home, where he stored it until Yahoo! became suspicious. He admitted to the court that he destroyed his computer and hard drive when he heard that Yahoo! had detected and begun investigating suspicious account activity.
He left Yahoo! in July 2018 to work for an organisation that handles single sign-on solutions and was indicted by a federal judge on April 4 2019.
So far the engineer has been charged with one count of wire communication interception and one count of computer intrusion. The plea agreement made allowed him to only plead guilty on the charge of intrusion.
His sentencing hearing is scheduled for February 2020, where he reportedly faces up to 5 years in prison and a $250,000 fine with restitution.
This is yet another story adding weight to the use-case for two-factor authentication (2FA) and multiple passwords. Had the Yahoo! accounts utilised 2FA, he would have had a much harder time accessing the email accounts. As for the other online accounts (Facebook, DropBox etc), the simple use of multiple passwords, instead of reusing the same one, would have solved the problem.
Stay vigilant, hackers aren’t just out for business credit card numbers and company files. Your very personal data is at risk.
The fastest and most effective route to good cyber hygiene is with targeted Security Awareness Training. At Phishing Tackle, we strive to maintain our status as the world’s most cost-effective method in reducing cyber risk. Check out our free cost calculator, it might surprise you just how affordable we are.