Reyes Daniel Ruiz, a former Yahoo! software engineer, has pleaded guilty to using his access privileges at the company to hack users’ accounts so that he could download private images and videos mostly belonging to young women.
A 10-year veteran of Yahoo!, Ruiz admitted to accessing around 6,000 accounts and storing the pilfered files at home. He then used these Yahoo! accounts as a stepping stone to compromise victims' iCloud, Facebook, Gmail, DropBox, and other online accounts to hunt for private images and videos. Ruiz destroyed the computer and drive housing the images after the FBI began probing his activities, according to a release from the U.S. Attorney’s Office in the Northern District of California.
Ruiz, 34, from Tracy, Calif., is out on $200,000 bond and faces as much as five years imprisonment and a $250,000 fine for each count of computer intrusion as well as restitution for his crimes.
“This is stark reminder that privilege policies can be a blunt tool and that the behavior of administrative users and others granted escalated privileges need not only to be managed but their use monitored, too,” said Matt Walmsley, EMEA Director at Vectra. “Trust but verify needs to be the maxim here.”
While Walmsley noted that while “there will always be misguided individuals, those who have poor judgement or are just plain bad or criminal,” it is remains a challenge for employers to weed out those high-risk employees “in cases where there are no prior convictions or criminal records.”
“We see here the damage they can do to individuals, and their employer’s reputation when they are able to operate unchecked,” he said. “I’m glad to see such abhorrent behavior will likely result in both custodial sentence and a significant fine plus restitution costs.”