A former Yahoo software engineer has pleaded guilty to improperly accessing the accounts of around 6,000 Yahoo users in search of nude photos and videos. The news, outlined in a press release from the US Attorney’s Office for the Northern District of California, says programmer Reyes Daniel Ruiz used his privileges at Yahoo to crack user passwords and access the accounts of primarily younger women, including friends and co-workers.

It is unclear if Ruiz’s ability to access Yahoo accounts was directly a result of his employee status ⁠— meaning Yahoo routinely let employees access sensitive user information, like passwords or account recovery keys ⁠— or if he simply used internal knowledge of Yahoo’s cybersecurity protections and backend infrastructure to legitimately hack into users’ accounts. At the moment, the only public information on the case beyond the press release is a sealed indictment.

It’s unclear exactly how Ruiz compromised Yahoo users’ accounts

Regardless, Ruiz moved on from compromising Yahoo accounts to using information gleaned from email messages and the account’s login access to compromise iCloud, Facebook, Gmail, Dropbox, and other accounts, according to the press release. Yahoo parent company Verizon Media, formerly known as Oath, did not immediately respond to a request for comment.

Yahoo discovered Ruiz’s activity by monitoring his employee account, prompting him to destroy a computer and hard drive on which he was storing the stolen photos and videos. Ruiz, who is 34 and hails from Tracy, California, was charged with one count of computer intrusion and one count of interception of a wire communication.

He signed a plea agreement pleading guilty to the computer intrusion charge following a federal grand jury indictment in April. He’s expected to be sentenced in February of next year, and faces a maximum penalty of five years in prison and a $250,000 restitution fine for his victims.