A former employee of Yahoo has been sentenced and ordered to pay a fine after exploiting his privileged access to hack into the personal accounts of thousands of Yahoo users, in his hunt for naked photographs and videos of young women.
As we previously reported, 34-year-old Reyes Daniel Ruiz, of Tracy, California, admitted last year that he had cracked account passwords and abused internal systems at Yahoo, copying stolen explicit images and videos onto a personal hard drive at his home.
Amongst Ruiz’s more than 6000 victims were personal friends and work colleagues,
And, having breached Yahoo email acccounts, Ruiz took advantage of the situation to also break into Dropbox, Facebook, Gmail, Hotmail, Apple iCloud, and PhotoBucket accounts – after requesting password resets from the third-party sites be sent to the victim’s registered email address at Yahoo.
As ZDNet reports, court documents reveal that Yahoo Mail engineers were alerted to suspicious account activity on June 21 2018.
Ruiz became aware on the same day that his activities had been uncovered, and left work early to destroy evidence at his home – including the hard drive storing images, and a list of future intended victims he planned to hack.
On August 24 2018, the FBI searched Ruiz’s residence, and the by-now-dismissed software engineer admitted he had destroyed evidence, and that he had done so in an attempt to avoid prosecution.
That admission was a sensible decision by Ruiz, because a US court has decided that he will not have to serve any jail time for the hack.
Under normal circumstances, Ruiz could have faced up to five years in prison and a $250,000 fine. Instead he has been sentenced to probation and home confinement for five years, and ordered to pay a $5,000 fine and $118,456 in restitution to the hacked email provider.
Presumably, it also played in Ruiz’s favour that he had never been in trouble with the law before, had not distributed the stolen naked images and videos, had made not attempt to contact his victims, and purely used the material for “his own self-gratification.”
Nonetheless, that’s no excuse or waiver for what Ruiz did, and for the distress which his victims must have experienced when they discovered they had fallen victim to his plot.
Although there will be some who will feel that Ruiz should serve a jail sentence for what he did, and it’s understandable that his victims might feel rightly outraged that his sentence means he has avoided incarceration, reading his sentencing memorandum gave me the impression that his actions had already resulted in significant hardship.
Ruiz has only managed to get temporary, low-paid employment since he was dismissed by Yahoo, and his finances appear to be in dire straits. If he hadn’t cooperated with the authorities, or had shared the images online this story might have had a very different ending.
Hopefully this case will act as a warning to others – if you have an urge to see naked pictures and explicit videos of people, there are plenty of places you can find them legally on the internet. You don’t need to put your career and liberty at risk by hacking into innocent people’s accounts.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024