A former Yahoo employee has pleaded guilty to hacking thousands of customer accounts in search of sexual images and videos.
Reyes Daniel Ruiz, 34, of Tracy, California, admitted in a San Jose federal court on Monday to hacking around 6000 accounts — targeting those belonging to young women, including friends and colleagues.
He is said to have copied the content to a hard drive at home, although Ruiz destroyed it after his employer raised the alarm about suspicious activity.
It’s unclear exactly how he compromised the accounts, but the Department of Justice claimed he was first able to “crack” user passwords to access internal Yahoo systems.
Once inside, he was then able to compromise other accounts, including iCloud, Facebook, Gmail and Dropbox — presumably by triggering password reset emails that were delivered to the hacked Yahoo accounts.
Ruiz was charged with one count of computer intrusion and one count of interception of a wire communication. Under a plea agreement he admitted to the first charge, which carries a maximum sentence of five years behind bars plus a fine of $250,000.
Carl Wearn, head of e-crime at Mimecast, argued that all organizations should have measures in place to mitigate the insider threat, and claimed the incident shows that password resets represent a serious business risk.
“We need to make it harder for hackers to trickle into a number of systems from one weak point. A starting point is to monitor systems for unusual behavior. A pattern of multiple employees resetting passwords, for example, should trigger a warning,” he added.
“Additionally, there should always be multiple administrators so that access privileges are not abused. Businesses may not be able to prevent every employee from using their skills or access for malicious means, but they can put a plan in place for spotting and tackling such behavior.”
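One way to implement the kind of monitoring Wearn describes, as an added example that is not part of the article or of Mimecast's guidance: it parses a constructed audit log (the line format, actor names, window and threshold are all assumptions) and flags any internal account that resets the passwords of many distinct users within a short window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed audit-log line format (constructed for this example):
#   <ISO timestamp> actor=<internal user> action=<verb> target=<account>
LINE_RE = re.compile(r"^(\S+) actor=(\S+) action=(\S+) target=(\S+)$")
# Constructed sample: support7 resets five unrelated accounts within minutes,
# while helpdesk1 performs two resets hours apart (normal help-desk load).
SAMPLE_LOG = """\
2019-09-30T09:00:00 actor=helpdesk1 action=password_reset target=alice
2019-09-30T09:01:10 actor=helpdesk2 action=login target=helpdesk2
2019-09-30T09:02:00 actor=support7 action=password_reset target=bob
2019-09-30T09:02:30 actor=support7 action=password_reset target=carol
2019-09-30T09:03:05 actor=support7 action=password_reset target=dave
2019-09-30T09:03:40 actor=support7 action=password_reset target=erin
2019-09-30T09:04:15 actor=support7 action=password_reset target=frank
2019-09-30T11:30:00 actor=helpdesk1 action=password_reset target=grace
"""

def parse_line(line):
    """Return (timestamp, actor, action, target), or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, actor, action, target = m.groups()
    return datetime.fromisoformat(ts), actor, action, target

def find_reset_bursts(log_text, window=timedelta(minutes=10), threshold=5):
    """Map each actor who reset >= threshold distinct accounts inside some
    window-long span to (span_start, span_end, sorted targets of the largest span)."""
    resets = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[2] == "password_reset":
            ts, actor, _, target = parsed
            resets[actor].append((ts, target))
    alerts = {}
    for actor, events in resets.items():
        events.sort()
        recent = deque()  # sliding window of (ts, target), oldest first
        for ts, target in events:
            recent.append((ts, target))
            while ts - recent[0][0] > window:  # drop events older than the window
                recent.popleft()
            targets = sorted({t for _, t in recent})
            best = alerts.get(actor)
            if len(targets) >= threshold and (best is None or len(targets) > len(best[2])):
                alerts[actor] = (recent[0][0], ts, targets)
    return alerts
```

Calling `find_reset_bursts(SAMPLE_LOG)` on the constructed log returns one alert, for support7, covering the five resets between 09:02:00 and 09:04:15; helpdesk1's two resets fall outside any single ten-minute window and are not flagged.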