Yahoo engineer is sentenced to five years’ probation after hacking 6,000 email accounts in search of sexually explicit photos and videos
- Reyes Daniel Ruiz was sentenced to give years’ probation and house arrest
- Ruiz was an engineer at Yahoo between 2009 and 2019
- He used his access to steal an estimated 2 TB’s of sexually explicit media
- The images and videos were stolen from an estimated 6,000 victims
An ex-engineer at Yahoo will avoid jail time after hacking into more than 6,000 email accounts in search of sexually explicit images.
According to court documents obtained by ZDNet, Reyes Daniel Ruiz of Tracy, California will be put on five years’ probation and be subject to a home confinement order after a ruling last week.
Ruiz will also be required to pay a $5,000 fine and $118,456 to Yahoo, which is now called Oath, as part of the ruling.
Over a period of 10 years, Reyes David Ruiz used his access to Yahoo’s backend to hack the email accounts of friends and coworkers in search of sexually explicit photos and video (stock)
ZDNet reports that the light sentence was given as a result of Ruiz’s cooperation in the investigation and the fact that he didn’t publish the images online.
Ruiz accessed the accounts during a tenure at Yahoo from 2009 to 2019, when he worked as a ‘reliability engineer’ among other roles.
Using his access to Yahoo’s backend he was abled to steal ‘hashed’ passwords which he then cracked and used to illegally log into accounts of women, including some personal friends and coworkers.
Ruiz was estimated to have stolen between 2 terabytes of data for a total of between 1,000 to 4,000 images and videos.
Court documents say that Ruiz downloaded photos and videos and then stored them on a hard drive in his home.
Ruiz also used the stolen credentials to compromise accounts of victims at other service like Apple iCloud, Gmail, Hotmail, Dropbox, and Photobucket.
According to court documents, Ruiz’s activity was noticed by other Yahoo engineers in 2018 and was later reported to police.
Once Ruiz became aware that the company and police were alerted of his activity he destroyed the hard drive.
AS a result, US prosecutors were only able to identify 3,137 of the estimated 6,000 total victims according to ZDNet.