Yahoo Engineer Used Insider Access to Get Private Photos of Women

Reyes Daniel Ruiz admitted to hacking, finding, and downloading the private images and videos of thousands of Yahoo users while he worked for the company.

A former Yahoo software engineer pled guilty to using his work access to hack into thousands of Yahoo users' accounts, in search of private and personal records, including private images and videos of women he then downloaded.

According to a statement released Monday by the US Attorney’s Office for the Northern District of California, Reyes Daniel Ruiz admitted to cracking users' passwords and using internal Yahoo systems to access around 6,000 accounts. He also compromised the iCloud, Facebook, Gmail, Dropbox, and other online accounts of those users, looking for more private content.


Ruiz admitted that he targeted accounts belonging to younger women, including friends and coworkers, according to the Department of Justice statement. Once he located the files, he downloaded and stored them at home on a hard drive—which he destroyed when the FBI investigation into his actions began.

According to his LinkedIn page, Ruiz worked at Yahoo for 10 years. Neither Yahoo nor its parent company Verizon immediately responded to a request for comment.

Are you aware of insider hacking or abuses of power happening within your company? Do you suspect you were a victim of insider hacking like this? We'd love to hear from you. Contact Samantha Cole securely on Signal at +6469261726, direct message on Twitter, on Wire at @samleecole or by email.

Ruiz was indicted by a federal grand jury in April on charges of computer intrusion and intercepting a wire communication.

Some news outlets reported that Ruiz currently works at a Silicon Valley company that provides single sign-on services. Although his LinkedIn says he still works at San Francisco-based identity and access management company Okta as a senior-level engineer, Ruiz actually only worked there for six months: from October 2018 to May 2019.

After Ruiz was formally charged in April and the indictment was unsealed, the company opened an investigation, revoked his access, and fired him a month later.

"The actions for which he was indicted all happened prior to his employment at Okta," a spokesperson for the company told Motherboard. "The privacy and security of our customers is our top priority, and immediately upon learning of the indictment, Ruiz’s access was revoked and Okta worked with a third party to conduct a forensic analysis, which confirmed that no company or customer data was compromised."

Ruiz is scheduled to be sentenced in February 2020. He faces a maximum penalty of five years imprisonment, and a fine of $250,000, plus restitution to his victims.