A software engineer at Yahoo stole sexual videos and images from thousands of young women’s accounts while working at the company.
Reyes Daniel Ruiz, who is no longer employed by Yahoo, pleaded guilty on Monday to using his work access to Yahoo’s systems to target the women.
The 34-year-old from Tracy, California, accessed 6,000 Yahoo accounts including those of personal friends and work colleagues, US prosecutors said.
He used his access to their credentials to then attempt to access their iCloud, Facebook, Gmail, and DropBox accounts to search for additional material.
When Yahoo discovered Ruiz’s activity he destroyed the computer and hard drive he had used to store the material he had stolen, according to the US Attorney’s office in the Northern District of California.
He pleaded guilty to one count of computer intrusion and faces five years in prison when he is sentenced on 3 February.
Ruiz’s abuse of his internal access to users’ accounts is the latest in a long line of serious security failings at Yahoo.
The company’s British subsidiary was fined £250,000 by the UK’s data watchdog in 2018 after losing the data of more than half a million people in a 2014 breach.
The fine was equivalent to less than 50p for each person in the UK affected by the loss, and followed a fine of $35m (£26m) by US regulators.
Although the data breach took place in 2014, Yahoo kept the loss of around 500 million international users quiet until 2016.
And in 2013, hackers managed to steal data belonging to three billion Yahoo accounts – something which the company did not acknowledge until 2016.
It was not until 2017 that the business admitted the size of the breach.