Former Yahoo Employee Pleads Guilty to Hacking Accounts

A former Yahoo employee has pleaded guilty to hacking thousands of customer accounts in search of sexual images and videos.

Reyes Daniel Ruiz, 34, of Tracy, California, admitted in a San Jose federal court on Monday to hacking around 6000 accounts — targeting those belonging to young women, including friends and colleagues.

He is said to have copied the content to a hard drive at home, although Ruiz destroyed it after his employer raised the alarm about suspicious activity.

It’s unclear exactly how he compromised the accounts, but the Department of Justice claimed he was first able to “crack” user passwords to access internal Yahoo systems.

Once inside, he was then able to compromise other accounts, including iCloud, Facebook, Gmail and Dropbox, presumably where password reset emails were sent to the hacked Yahoo accounts.

Ruiz was charged with one count of computer intrusion and one count of interception of a wire communication. Under a plea agreement he admitted to the first charge, which carries a maximum sentence of five years behind bars plus a fine of $250,000.

Carl Wearn, head of e-crime at Mimecast, argued that all organizations should have measures in place to mitigate the insider threat, and claimed the incident shows that password resets represent a serious business risk.

“We need to make it harder for hackers to trickle into a number of systems from one weak point. A starting point is to monitor systems for unusual behavior. A pattern of multiple employees resetting passwords, for example, should trigger a warning,” he added.

“Additionally, there should always be multiple administrators so that access privileges are not abused. Businesses may not be able to prevent every employee from using their skills or access for malicious means, but they can put a plan in place for spotting and tackling such behavior.”
