Reyes Daniel Ruiz admitted he had “hacked” about 6,000 accounts, seeking sexual images and videos.
The US Department of Justice said Ruiz had “cracked” user passwords and accessed internal Yahoo systems while hunting for pornography.
Ruiz also used access to Yahoo accounts to target other online services users had signed up for.
In a statement, the DoJ said the access Ruiz had attained to Yahoo user data had helped him “compromise” Apple iCloud, Facebook, GMail, Dropbox and other online accounts.
And he had used his access to the accounts to reset passwords so he could access the other systems.
Ruiz had targeted friends, co-workers and many young women during his hacking campaign, the DoJ said.
He had copied many of the images and videos he had found and kept the material at his home.
And soon after Yahoo discovered his activities, in 2018, Ruiz had destroyed the computer and hard drives on which the stolen data had been stored.
Ruiz was charged in April this year and has now signed an agreement with the DoJ which will see him pleading guilty to one count of computer intrusion.
He is due to be sentenced in February 2020. The maximum jail term for computer intrusion is five years plus a fine of $250,000 (£203,000) and damages.