Former Yahoo engineer pleads guilty to hacking user emails in search for porn

Former Yahoo engineer accessed about 6,000 email accounts, primarily belonging to young women.

yahoo.jpg

A former Yahoo software engineer pleaded guilty yesterday to hacking into the personal accounts of over 6,000 Yahoo users, in search of sexual images and videos.

Reyes Daniel Ruiz, 34, of Tracy, California, worked for more than ten years for Yahoo!, where he served as a reliability engineer for the company's Yahoo! Mail service, among other roles.

According to court documents, Ruiz used the access to Yahoo!'s internal network that his job provided to crack users' passwords and gain access to their email accounts.

In total, he accessed about 6,000 accounts, most belonging to younger women, including personal friends and work colleagues.

Once in, he searched and downloaded images and videos, which he stored at home on a hard drive.

Ruiz also used access to the hacked Yahoo! email inboxes to compromise accounts at services like Apple iCloud, Facebook, Gmail, DropBox, and others, where the victims used the Yahoo! email address to register accounts.

He did this by requesting password resets on the third-party sites, which he received inside the victim's Yahoo! inboxes. Ruiz then continued his search of personal images and videos on these new accounts.

US investigators said Ruiz destroyed his home hard drive, where he was storing all the images and videos he downloaded, after Yahoo! noticed suspicious activity on some of the hacked accounts.

Ruiz actions were eventually discovered and reported to US law enforcement. The former engineer was formally charged in April 2019.

He pleaded guilty yesterday to one count of computer intrusion, under which he faces a maximum prison sentence of five years and a fine of up to $250,000. Ruiz's sentencing is scheduled for February 3, 2020. The former engineer has been released under a $200,000 bond.

Ruiz stopped working at Yahoo! in July 2018. He's currently employed at a Silicon Valley tech company specialized in SSO (single sign-on) solutions.