No jail for Yahoo employee who used internal system to hack 6k accounts

The hacker and former Yahoo employee has been sentenced…

The hacker and former Yahoo employee has been sentenced to 5 years probation at home.

In 2019, a 34-year-old reliability former Yahoo engineer named Reyes Daniel Ruiz was charged for hacking the accounts of 6000 young women using the special access granted to him as an employee at Yahoo.

The accounts included those of his colleagues, friends, and strangers. By doing so, he was stealing private photos and videos of a sexual nature in bulk along with also targeting their Dropbox, Facebook, Gmail, and iCloud accounts.

This resulted in over 2 TB of data being collected which would put the number of files in a range of 1000-4000.

See: No prison for cyber criminal duo behind vDOS DDoS for hire service

Ruiz pleaded guilty back then in September 2019 accepting his crimes with his hearing scheduled for February 2020. However, it was delayed due to COVID-19 and now that it has been held, the decision can be touted as somewhat lenient.

According to the judgment, Ruiz has been sentenced to probation and house arrest for 5 years with terms that allow him only to leave his home for the following:

  1. Work
  2. Medical appointments
  3. Any religious duties
  4. Court related tasks

Furthermore, a fine of $5000 has been imposed with restitutory charges of $118,456 to compensate Yahoo for the damage he inflicted on them in terms of their reputation.

Various other conditions have also been specified serving as guidelines for the entire probation process. For example, it is compulsory for him to work at least part-time for 20 hours/week along with notifying the probation officer on a multitude of actions – even something as simple as deciding a new place to live at.

See: Russian hacker Aleksei Burkov jailed for 9 years in US

Normally, for a crime of this nature, the punishment would be more severe of up-to 5 years in prison and a fine of $250,000. In this case, though due to cooperating with the court on the proceedings of the case, having no criminal history, and never publishing any of the stolen content online, he was dealt with very leniently.

Concluding, we are yet to see how this is seen by various human rights and other advocacy groups in the United States who may see such a judgment to be contrary to the very spirit of deterrence that is required in criminal law. Firms too should take heed and be more careful in controlling employee access to prevent any misuse.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

1 comment
  1. Ridiculous! If it were in the single digits and over the course of several years, fine, five years probation would be acceptable… but SIX THOUSAND victims? The fact he took the abuse a step further and obtained access to accounts on other services (Dropbox, iCloud, etc) just highlights how determined he was to be a pervert. What a joke.

Comments are closed.

Related Posts