Product reviews, deals and the latest tech news

Yandex claims that a rogue employee is to blame for the breach and that it was not hacked

Although part of its internal source code was leaked online, the Russian internet giant Yandex has claimed it was the victim of a hack.

It is suspected that the leaker published the majority of Yandex’s source code, which is 44.7GB in size, as a Torrent on a popular hacker site.

The leak contains some API keys, however they were likely only used for testing purposes and date back to February2022, when the files were first discovered.

Imaginary emails purporting to come from the support staff

Software expert Arseniy Shestakov performed an initial investigation of the files and found what looked to be technical data and code for several of Yandex’s main products.

The company’s email service, cloud storage service, and payment processing service were all impacted by the outage. Curiously, however, its anti-spam regulations were not.

In response to reports that its systems had been compromised, Yandex said an ex-employee was responsible for releasing the company’s source code.

“There was no hack on Yandex. Code snippets from an internal repository were discovered by our security team in the wild, but their contents were outdated compared to the repository currently in use by Yandex’s services “in a statement to BleepingComputer, the business said.

“We do not detect any danger to user data or platform performance, but we are initiating an internal inquiry into the reasons for the release of source code fragments to the public.”

The announcement follows a warning made by the UK’s National Cyber Security Centre (NCSC) about ongoing assaults from Russia and Iran.

Though they don’t seem to be working together, the two groups have been targeting the same government agencies, NGOs, military contractors, universities, and activists over the last year.