2 min read

Former Yahoo employee admits he hacked 6000 users' accounts, stole nude photos and videos

Graham CLULEY

October 04, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Former Yahoo employee admits he hacked 6000 users' accounts, stole nude photos and videos

A former Yahoo software engineer has admitted hacking into thousands of Yahoo users’ accounts in a search for naked images and videos of young women.

34-year-old Reyes Daniel Ruiz, of Tracy, California, pleaded guilty in a federal court after admitting he exploited privileged access he had due to his job role to hack into approximately 6000 Yahoo accounts.

Cracking account passwords and accessing internal systems at Yahoo, Ruiz was able to break into the accounts of young women, including those belonging to personal friends and work colleagues. Images and videos stolen from the hacked accounts were then copied onto computers in Ruiz’s home.

I imagine it’s a pretty awful experience knowing that a hacker has gained access to your email account and accessed your most private photos and videos. But it must be even worse when you realise it is someone in your social circle or one of your work colleagues that has seen pictures of you naked.

Seemingly, accessing Yahoo accounts wasn’t enough for Ruiz.

Because having compromised victims’ Yahoo accounts, Ruiz was then able to gain access to their other online accounts – including Apple iCloud, Dropbox, Facebook and Gmail – in his search for further private images and videos.

In all likelihood, Ruiz was able to use a couple of different techniques to access these non-Yahoo accounts.

If users had unfortunately made the mistake of reusing passwords, then it would be clearly be child’s play for Ruiz to use the same password to access, say, a Facebook account.

However, even if different passwords were in use then Ruiz would have been able to request a password reset be sent from the third-party site to the victim’s Yahoo account.

In both instances, the use of two-factor authentication might have made it more difficult for Ruiz to widen his search for nude photos to victims’ other accounts.

According to a DOJ press release, Ruiz’s activities were only spotted when Yahoo noticed suspicious account activity. In an attempt to destroy evidence, Ruiz then “destroyed the computer and hard drive on which he stored the images.”

Although charged with both computer intrusion and interception of a wire communication, under a plea agreement Ruiz has only pleaded guilty to the former charge.

Sentencing is currently scheduled for early February 2020, where Ruiz could face up to five years in prison and a $250,000 fine.

Questions will inevitably ask whether Yahoo had strong enough security in place to prevent its staff from abusing their access to internal systems and data.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read