Reyes Daniel Ruiz, responsible for the Yahoo cyberattack pleaded guilty to the unauthorized access of 6,000 Yahoo accounts on Monday. The hacker revealed that the attack occurred mainly to look for sexual content from users’ personal accounts.
Ruiz worked as a former software engineer at Yahoo. He used his position at Yahoo to unlawfully access thousands of accounts using cracked passwords and his workplace’s internal systems.
The former Yahoo employee confessed to using his access to target young women, even workmates and friends. He scoured the accounts for sexual images and videos, then made copies of these compromising content. Ruiz used his home network to store the stolen data.
After obtaining access to user profiles, he also figured out a way to get into various online accounts. This includes iCloud, Facebook, DropBox, and Gmail. EndGadget said that Ruiz used password recovery methods to enter these accounts to look for more sensitive content.
Ruiz has been with the firm for over 10 years, during which, he was assigned to do various tasks. His responsibilities included working to ensure the reliability of Yahoo! Mail.
Yahoo ejected the hacker after learning of his crimes. When the company noticed malicious activities from the criminal’s end, the hacker reportedly “[destroyed] the computer and hard drive.” Today, he works at a technology-focused company, which “specializes in single sign-on solutions.”
Authorities nabbed Ruiz this year. Consequently, a federal grand jury indicted Ruiz on April 4, 2019, for “computer intrusion and intercepting a wire communication.” The hacker admitted guilt in front of a San Jose federal court under a plea agreement. CBS said that the U.S. Attorney David L. Anderson and FBI Agent in Charge John F. Bennett publicized Ruiz’ plea.
The former employee is currently on release “on the conditions of an unsecured bond” amounting to $200,000. He waits for conviction as the sentencing will be conducted on February 3, 2020. The sentence could reach up to 5 years of prison time with a fine of $250,000 and restitution.
Meanwhile, the company will pay users with compromised accounts in response to a class action settlement. Compensation from a settlement fund of $117,5000,000 will be given to affected users.
However, only those who had an account from January 1, 2012, to December 31, 2016, are qualified for compensation. These accounts include Fantasy Sports, Finance, Tumblr and Flickr. Only individuals from the US or Israel are qualified.