Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail
Californian Reyes Daniel Ruiz, who worked as a reliability engineer among other roles at Yahoo! from 2009 to 2018, abused his position by accessing Yahoo’s backend to steal “hashed” passwords, crack them and log into email accounts of women, including some coworkers.
Over that period, Ruiz accessed more than 6,000 Yahoo Mail accounts in search of sexually explicit photos and videos. Eventually, he illegally obtained 2 terabytes of data containing between 1,000 and 4,000 private images and video files, and stored them on a personal hard drive.
Additionally, Ruiz used the stolen credentials to break into victims’ accounts at other services such as Gmail, Dropbox, Apple iCloud, Hotmail, and Photobucket.
Ruiz Pleads Guilty and Assists the Authorities
Ruiz’s illegal activities were discovered by Yahoo’s staff in mid-2018. After learning of the discovery, Ruiz destroyed the hard drive. As a result, the Federal Bureau of Investigation was able to identify only 3,137 of the alleged 6,000 accounts. As a court filing reads:
“The final tally of compromised accounts cannot be determined because Mr. Ruiz destroyed all the evidence of his illegal conduct, including the hard drive on which he stored the data, and the list of target accounts he maintained, before the FBI executed a search at his residence.”
Ruiz pleaded guilty to computer intrusion to obtain private information in September 2019 and was sentenced to five years of probation. He is now only allowed to leave home for work, court-related obligations, medical appointments, and religious activities.
Corporate Networks are Under Attack
In the meantime, hackers seem to have shifted their focus from individual servers to corporate networks. In the second half of 2019, the number of postings on illicit marketplaces offering access to corporate networks reportedly began surging.
Cyberattacks are reportedly growing in number due to the low barrier to entry. To resist attacks, companies should “ensure comprehensive infrastructure protection, both on the network perimeter and within the local network. Make sure that all services on the perimeter are protected and security events on the local network are properly monitored to detect intruders in time.”
According to a recent report from the FBI, California, Florida, New York, Ohio, Texas, and Washington were the states with the highest victim monetary losses or number of victims in 2019.
Threat actors reportedly relied mostly on Business Email Compromise/Email Account Compromise, breaking into personal or corporate email accounts to obtain sensitive information and to divert and request electronic wire transfers to fraudulent accounts.