Former Yahoo engineer pleads guilty to hacking 6,000 user accounts

Reyes Daniel Ruiz hacked thousands of Yahoo user accounts to steal sexual videos and images of young women

A former Yahoo employee has pled guilty to hacking nearly 6,000 Yahoo users' accounts and searching for the personal data of the account holders, including of his former colleagues.

According to the US Attorney's office in the Northern District of California, Reyes Daniel Ruiz admitted on Monday in a federal court in San Jose that he abused the access provided to him to illegally hack into thousands of Yahoo user accounts in a bid to steal sexual videos and images of young women.

According to a statement by FBI Special Agent in Charge John F. Bennett and US Attorney David L. Anderson, Ruiz, who was employed as a software engineer at Yahoo, targeted younger women, including his friends and office colleagues.

The indictment claimed that Ruiz started hacking into users' accounts in May 2018. He cracked account passwords and then took advantage of his access to Yahoo's internal systems to break into the accounts. He stole private videos and images stored in those accounts and kept the data on his personal computer.

He also hacked victims' other accounts, such as Facebook, Gmail, iCloud and Dropbox, in search of more videos and images.

Ruiz's hacking operation continued for about a month. He left Yahoo in July 2018 and joined Okta, a security technologies provider.

Ruiz's suspicious activities were eventually tracked by Yahoo, following which he admitted to destroying the hard drive and the computer on which he stored the stolen videos and images.

He was indicted by a federal court in April this year on charges of computer intrusion and wire communication interception but, under the plea agreement, he pled guilty to one count of computer intrusion charge.

Upon his indictment, Okta also terminated Ruiz from his employment.

He now faces a $250,000 fine and up to five years in prison. His sentencing hearing is scheduled for 3^rd February 2020.

This is not the first instance of Yahoo (now known as Altaba) being involved in the breach of user data.

Last year, the company paid $47 million to settle three lawsuits over its mishandling of data breaches that occurred in 2013 and 2014. In that breach, attackers compromised the company's servers twice and were able to steal personal data for nearly 3 billion accounts.