A Yahoo employee has been found guilty of hacking the inboxes of 6,000 users of the company’s service. The engineer invaded the privacy of the users in order to look for private sexual content belonging to the users — both images and videos. The Department of Justice has issued a press release on the matter.
Yahoo Employee Used Company Access To Break Into 6,000 Inboxes
Reyes Daniel Ruiz, a Yahoo employee has been found guilt by the Court in San Jose for breaking into the inboxes of company users. His motives appear to be searching for personal adult content — private photos and videos. He admitted that he used his company access in order to break into them. The Department of Justice published a press release giving further information on the latest Yahoo abuse case. It appears that this time the issue comes from an employee of the company who was found guilty of accessing private inboxes. According to the investigation reports Reyes Daniel Ruiz used his service access and cracked the passwords of 6,000 inboxes that belong to young women in order to search for their private adult content — both photos and videos. The described “pervert employee” has been found to also target personal friends and colleagues as part of his operations.
Copies of the found data were made without the users knowing about it, Ruiz had also taken the sensitive at his home. Using the compromised inboxes he also used it to break to other services that were registered using them, including the following:
- iCloud
- DropBox
- Gmail
- Other Yahoo Services
When the security systems belonging to Yahoo detected the suspicious activity Ruiz deleted the gathered data and wiped the hard drive thereby destroying the direct evidence. According to the press release the verdict of guilty was given to him as he confessed to the crimes. The DOJ reports the following summary of the court case:
Ruiz, 34, of Tracy, California, was indicted by a federal Grand Jury on April 4, 2019. He was charged with one count of Computer Intrusion, in violation of 18 U.S.C. § 1030(a)(2)(C), and one count of Interception of a Wire Communication, in violation of 18 U.S.C. § 2511(1)(a) and (4)(a). Under the plea agreement, pled guilty to the count of Computer Intrusion.
Ruiz is currently on release pursuant to the conditions of an unsecured $200,000 bond.
Ruiz’s sentencing hearing is scheduled for February 3, 2020 at 1:30 p.m. before The Honorable Edward J. Davila, U.S. District Court Judge, in San Jose. The maximum statutory penalty for each count in violation of Computer Intrusion, 18 U.S.C. § 1030(a)(2)(C), is five years imprisonment and a fine of $250,000, plus restitution. However, any sentence will be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.
Daniel Kaleba is the Assistant U.S. Attorney who is prosecuting the case with the assistance of Tong Zhang. The prosecution is the result of an investigation by the Federal Bureau of Investigation.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: