Former Yahoo Engineer Pleads Guilty To Hacking User Emails in Search For Porn

A former Yahoo software engineer pleaded guilty yesterday to hacking into the personal accounts of over 6,000 Yahoo users, in search of sexual images and videos. From a report: Reyes Daniel Ruiz, 34, of Tracy, California, worked for more than ten years for Yahoo!, where he served as a reliability engineer for the company's Yahoo! Mail service, among other roles. According to court documents, Ruiz used the access to Yahoo!'s internal network that his job provided to crack users' passwords and gain access to their email accounts. In total, he accessed about 6,000 accounts, most belonging to younger women, including personal friends and work colleagues. Once in, he searched and downloaded images and videos, which he stored at home on a hard drive. Ruiz also used access to the hacked Yahoo! email inboxes to compromise accounts at services like Apple iCloud, Facebook, Gmail, DropBox, and others, where the victims used the Yahoo! email address to register accounts. He did this by requesting password resets on the third-party sites, which he received inside the victim's Yahoo! inboxes. Ruiz then continued his search of personal images and videos on these new accounts.

Who still use's Yahoo for email?

[pgmrdlm]

Just asking? Or did this engineer hack archived emails or something?

Re:

[OffTheLip]

My Dad, but he is close to 90 years old. That's about it I believe.

Re:

[BosstonesOwn]

So that is the last email user, can you politely ask him to sign out and delete the account so we can shut off the last server?

Thank you.

Re:

[meta-monkey]

Well tell him to stop emailing dick pics.

Re:

[olsmeister]

I have a couple of junk accounts still that I've had forever. I still use them for things that require an e-mail address but that I don't want to give a "good" one to. (Not porn though... :) )

Re:

[DickBreath]

A friend, uh, yeah, that's it, a friend I know has hundreds of old accounts.

Re:

[cayenne8]

I know a lot of people still have Yahoo email accounts. Some are jumk ones, but I know a that set this up as their primary email account back in the day, and have never found good reason to drop it in favor of a new one.

I guess don't fix what ain't broke you know?

But my question is, with all the FREE pr0n out there, why is this guy jumping through so many hoops and putting his freedom at danger which plenty of pr0n is out there just a click away?

You'd think he'd heard of pornhub by now?

Re:

[meta-monkey]

Thrill of seeing stuff people don't want you to see?

Re:

[nukenerd]

I think it the headline is misleading to call it pr0n. He was hacking into people's personal accounts which may or may not have included revealing images and probably mostly did not. It sounds more like simple nosiness.

Re:

[thegarbz]

I do. Not that I've ever used their website for anything. Yahoo has provided POP/IMAP access since back when Hotmail was still a thing.

Re:

[110010001000]

I do. They are great for throwaway email addresses. I think they were one of the last the required phone number linkage too, so you could setup an infinite number of them.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Narcocide]

I know tons of people still using yahoo mail, including most the members of my family. It is actually hugely popular despite the conspicuous lack of security.

Hope he wrote an AI to do the searching for him...

[mosel-saar-ruwer]

I hope the dude wrote at least a rudimentary AI to do the searching for him.

Cauce clicking through 6000 accounts by hand woulda left him with such horrible Carpal Tunnel Syndrome in his hands that those very same hands wouldn't have been of any use to him when he actually stumbled upon some quality pr0n...

PS: PR0N ADDICTION ISRAEL!!!!!

Get off teh t00bz & back into meatspace.

Lift.

Eat Keto/Paleo.

Learn GAME!!!!!

So ...

[Martin S.]

So abusing root privilege now counts as hacking, I'm sure the script kiddies will be pleased.

Re:

[Ryzilynt]

So abusing root privilege now counts as hacking, I'm sure the script kiddies will be pleased.

Read it again

Re:

[Calydor]

When you start using the credentials you scoop up with your root access to gain access on OTHER machines, sites etc. then yes, it's hacking. Or does brute force attempts using a leaked list of credentials not count as hacking in your world?

Re:

[BringsApples]

Hacking, adjective: Attempting, over and over, in a methodical way, to achieve something that's outside of the original design.

Just because you're an admin on the server doesn't mean that it's not a hack. It's certainly low-hanging fruit, nothing to beat your chest about, but it's hacking for sure. Especially since the word "hacking" has become a term.

Long shot?

[LatencyKills]

I'm curious to know what percentage of accounts actually got him porn.

Re:Long shot?

[110010001000]

Probably a lot out of 6000 accounts. Quite a few women like to send pictures of themselves in various states and just assume it is private. At least I heard that was true. As a Slashdotter it never happened to me of course.

Re:

[110010001000]

Thanks Dad!

Re:

[LatencyKills]

Ditto. My dating years passed prior to email - I was born in the wrong era.

Blackmail material

[Sigma 7]

In total, he accessed about 6,000 accounts, most belonging to younger women, including personal friends and work colleagues.

Personal friends/colleagues? Seems more like blackmail material.

Of course, if he was just searching for porn for consumption reasons... that's rather silly considering there's websites that give them out for free - one of which is now doubling up as a popular imageboard while being the cesspool of the Internet.

Re:

[110010001000]

Really? You have never wanted to see pictures people you know vs people you don't?

Re: Blackmail material

[desertfoxmb]

Oh, I didn't realize I'd stepped into the part of the internet where public conversations were actually private and enforced by anon. Motivation is irrelevant. By claiming there might be some understandable motivation, it's an attempt to lessen the magnitude of the action.

Re:

[swillden]

Oh, I didn't realize I'd stepped into the part of the internet where public conversations were actually private and enforced by anon. Motivation is irrelevant. By claiming there might be some understandable motivation, it's an attempt to lessen the magnitude of the action.

You're being ridiculous.

Motivation is not the same thing as justification. If a person murders another person we often look for the motivation, even when it's clear that the killing is unjustified. Maybe it was a drug deal gone bad, or a man killing his wife's lover. We can understand the motivation without approving the action. In fact in criminal cases we generally need to understand the motivation as part of proving ill intent, which is a required element of the crime that has to be proved for convi

Re:

[desertfoxmb]

I'm not the one in question here. The criminal who did it is. He *did* commit a crime to satisfy his perverted curiosity. Everyone has mentally undressed another human being. That is genetically driven behavior. However, given that the person in question *did* commit a crime, then asking the question about his motivation is, in my opinion, going towards justification of his particular criminal behavior. But I'm happy to let it rest and be considered ridiculous.

Re:

[swillden]

However, given that the person in question *did* commit a crime, then asking the question about his motivation is, in my opinion, going towards justification of his particular criminal behavior.

So is examining the motive of every criminal always "going towards justification"?

I learned Linux because of porn..

[sqorbit]

Being a young man in the 90s lead me to learn the Linux shell that our local dial up BBS provider had to access the internet. Once I realized there were horrible quality gifs of naked ladies doing much more than I ever saw in playboy I knew I had to try out the internet! Now I'm 20 years into an IT career and using Linux everyday. Thank you naked ladies!

Re:

[BioNTechKid]

I wish I had point to upvote you, because this made me laugh =D

Not searching for porn. Visual rape ..

[desertfoxmb]

Goes beyond even a peeping tom because of the level of violation and the fact that the visuals can be shared and remain in public forever. The law needs an update in this realm (and many other tech related realms). Just getting a hacking charge isn't sufficient.

Re:

[Thrakkerzog]

I hear what you're saying, but very much dislike the term "visual rape" as it lessens the actual meaning of "rape".

Re:

[desertfoxmb]

How about technological sexual exploitation? He was using technology to get his jollies at the expense of the rights of others. I get what you're saying on the term of rape. What's a word that is in between voyeur (minimal harm) and rape (personal, physical and mental harm) that doesn't diminish rape? We need that word and an appropriate charge for it.

Re:

[desertfoxmb]

And by "minimal harm" re: voyeurism, I mean that there is no record of it which can be shared with the world, there is no physical harm. There is still an unacceptable and harmful invasion of privacy which should be redressed.

Re:

[Narcocide]

I'll one up you here. I don't think there's a chance in hell voyeurism or curiosity had anything to do with this. Sure, 10-20 people closely related to him by blood or circumstance, that might be curiosity. But 6000? No, 6000 is a hunting expedition. This asshole was a paid spy. He should be investigated for espionage and treason. The pr0n is just a lame cover story, planned ahead of time as a diversionary tactic.

Keep doing what you're good at.

[godel_56]

From the end of the FA:

Ruiz stopped working at Yahoo! in July 2018. He's currently employed at a Silicon Valley tech company specialized in SSO (single sign-on) solutions.

So this character that has just pleaded guilty to hacking has a job writing security applications.

people

[cascadingstylesheet]

No system (private or public) is better than the people who staff it.

Somebody has to have the guns, and/or somebody has to have root (depending on context). And that somebody is going to be a fallible (dare I say sinful?) human being.

Seems like an awful lot of work ...

[rnturn]

... to find porn. Most people find it without having to hack emails.

Maybe he had blackmail in mind.

Hacking for porn?

[superdave80]

pleaded guilty yesterday to hacking into the personal accounts of over 6,000 Yahoo users, in search of sexual images and videos.

So, this guy has never heard of the internet?

Re:

[Narcocide]

Yes, the payoff does not seem in proportion to the risk. You're on the right track. Now just ask yourself "What if he was looking for something else and the porn was just a cover story?"