A former Yahoo software developer charged with hacking into customer accounts escaped jail time last week. Reyes Daniel Ruiz, 35, received five years of probation for hacking accounts in the search for private images and videos with sexual content.
On September 30 2019, Ruiz, a 10-year veteran at Yahoo, pleaded guilty to unauthorized intrusion into around 6000 Yahoo accounts while working on the company’s mail engineering team. He cracked user passwords and access to internal Yahoo systems to compromise the accounts between 2012 and 2015. He would look at financial documents but focused mainly on private sexual images and videos, storing up to 4000 on his hard drive.
Ruiz targeted accounts belonging to younger women, including personal friends and work colleagues. After accessing the Yahoo accounts, he went on to snoop in around 100 other cloud service accounts belonging to the victims, including iCloud, Facebook, Gmail, Photobucket and Dropbox. He also used these accounts to find other victims.
On June 21 2018, other engineers at Yahoo (which by that time was called Oath) noticed suspicious account activities, prompting Ruiz to leave work early and begin destroying the evidence at home. Two months later, the FBI arrived at his house with a search warrant, and he confessed to agents that he had destroyed the evidence.
He was charged with computer intrusion and interception of a wire communication. He pleaded guilty to the former and was released on a $200,000 bond.
Along with a potential five-year jail sentence, Ruiz could have faced a fine of $250,000. However, the judge sentenced him to five years’ probation along with 12 months of home confinement and electronic monitoring. He must also pay $115,957 in restitution to Oath. Only 3137 of the hacked accounts’ owners could be identified because Ruiz destroyed the hard drive containing the identities of the remaining victims.
According to the sentencing memorandum, “none of the images or videos were shared. The defendant also stresses that he has never had any interest, nor did he take any action, to contact or meet the victims. He used the videos and images solely for his own self-gratification for which he is now very ashamed and remorseful.”