Yahoo’s god-awful reputation just keeps looking worse.
The website’s hacked and tattered remains were on display in federal court again this week when a former software engineer, Reyes Daniel Ruiz, admitted to breaking into around 6,000 accounts to steal “sexual images and videos” from “younger women, including his personal friends and work colleagues.”
Ruiz admitted to breaking into Yahoo accounts by cracking users’ passwords and “[accessing] internal Yahoo systems,” according to a release put out by the Department of Justice. Ruiz apparently downloaded images and videos from the personal Yahoo accounts, and went on to hack Yahoo users’ other accounts, including iCloud, Facebook, and Gmail accounts, “in search of more private images and videos.”
Ruiz pleaded guilty to a hacking charge on Monday and is scheduled to be sentenced in San Jose on February 3, 2020, according to the DOJ. The former Yahoo engineer faces up to five years in prison as well as a fine of up to $250,000.
The scale of Yahoo’s publicly known security issues was already well beyond satire. All 3 billion of the company’s accounts were compromised in 2013. There was another massive breach in 2014, and again, between 2015 and 2016.
Ruiz’s case is just one example of a tech worker abusing access to spy on users. According to a 2016 statement from Uber’s former forensic investigator, employees exploited the ride-sharing company’s creepy “god view” to spy on “high-profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses,” the Guardian reported. We’ve also heard about Google engineers allegedly spying on users.
Reached by Fast Company, a spokesperson for Yahoo’s parent, Oath, declined to publicly comment on Ruiz’s case.