Reyes Daniel Ruiz, a former Yahoo software engineer turned hacker, was charged with hacking more than 6,000 Yahoo accounts, including those of his friends and colleagues. Ruiz abused his role as a reliability engineer to access internal Yahoo systems, steal passwords and hack accounts.
Ruiz admitted to making copies of images and videos belonging to users he compromised and storing them at his home on personal systems. He didn’t stop there: after gaining Yahoo access, he compromised other accounts, such as Facebook, Gmail, iCloud and Dropbox, for additional media. I assume that users' Gmail and Facebook password reset emails were sent to their Yahoo accounts to conceal the hack. Here is a case where two-factor authentication would have tipped users off to their accounts being compromised.
I question what controls Yahoo had in place to audit Ruiz’s system access and operations.