Last year, we talked about former Yahoo engineer Reyes Daniel Ruiz, who worked at the company for more than 10 years (from 2009 to 2019) and used his official position: he got access to the mailboxes of young women and stole frank from there Photo and video.
In total, Ruiz hacked over 6,000 accounts, some of which belonged to his colleagues and girlfriends. He used his access to the Yahoo backend to gain access to hashed passwords, and then cracked them and entered other people's Yahoo Mail accounts. From the mailboxes of his victims, the hacker stole erotic images and videos that he stored at home on his hard drive.
In addition, Ruiz used access to compromised mailboxes to hack into other victims' accounts, including iCloud, Facebook, Gmail, DropBox and so on (for which victims used Yahoo mail during registration). To do this, he requested a password reset on third-party sites and received a letter to his address in Yahoo mail. After Ruiz continued to search for explicit content on these accounts. It is believed that he hacked approximately 100 accounts in iCloud, Gmail, Hotmail, Dropbox and Photobucket.
According to investigators, Ruiz tried to destroy his home “archive” and a computer, where he stored all the downloaded images and videos, when Yahoo finally noticed suspicious activity and launched an investigation into it. He later admitted this to the FBI. Due to destruction of the hard drive, the prosecution was able to identify only 3137 of the approximately 6,000 affected.
In total, Ruiz stole about 2 TB of data from users and stored from 1000 to 4000 private images and videos.
This month, the court finally sentenced Ruiz: the stalker received five years probation and was placed under house arrest, that is, he is allowed to leave the house only for travel to work, religious activities, visiting a doctor or performing duties prescribed by the court. Ruiz will also pay a fine of $ 5,000 and indemnify Yahoo for $ 118,456.
Such a mild sentence is explained by the fact that Ruiz collaborated with the investigation and never published the stolen data on the Internet.