Internal Leak of 4,887 Users: Yandex Employee Fate Unknown

Russian web titan Yandex NV suffered an insider breach. An employee was selling sensitive user data to anyone who would pay, says Yandex.

The perp was an admin of the firm’s email service, Yandex.Mail. It’s alleged they’d sold access to almost 5,000 mailboxes.

No word on what’s happened to the scrote. In today’s SB Blogwatch, we visualize them chopped up and hidden in matryoshka dolls.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Drivelsieve.

$YNDX Stays Schtum

What’s the craic? Catalin Cimpanu reports—“Yandex said it caught an employee selling access to users’ inboxes”:

 The company … said the person “[had] access rights to provide technical support” for its Yandex.Mail service. … Yandex officials also said they re-secured the compromised accounts and blocked what appeared to be unauthorized logins. They are now asking impacted account owners to change their passwords.

The Russian company said that a “thorough internal investigation” of the incident is currently underway. [It said] it plans to make changes to how its administrator staff can access user data [and] said it referred the incident to authorities. A spokesperson did not return a request for comment.

And Ionut Ilascu picks up the other shoe—“Yandex suffers data breach”:

 The employee’s actions led to the compromise of almost 5,000 Yandex email inboxes. … It is unclear when the employee started to offer unauthorized access to third parties.

While this data breach deserves serious scrutiny, Yandex faced a graver threat in the past: … Western intelligence agencies compromised their systems with Regin malware [in] 2018.

Yikes! This is terrible. Yandex PR flak Ilya Grabovskiy puts her best foot forward—“security team uncovers data breach”:

 The employee was one of [only] three system administrators with the necessary access rights to provide technical support for the service. … No payment details held by Yandex were compromised.

We apologize to the users who have been affected by this incident. For customer support … please contact [email protected]

Yan-who? Lindsey O’Donnell has an “unconventional” grasp of geography—“Yandex Data Breach”:

 Yandex — one of Europe’s largest internet companies … is the most-used search engine in Russia and the fifth most-popular search engine worldwide. Beyond its search engine, Yandex’s internet product lineup includes email services, online advertising, app analytics and more.

Insider threats can be non-malicious – such as a mistake by an employee. … Or, as in this incident, they can be malicious. … An insider threat could leave companies spiraling from financial or brand damage – but also a lack of subsequent trust from customers.

Only in Russia, eh? Not so, says u/Typo_Tim:

 In the Netherlands they caught a government healthcare call center employee selling COVID database records containing social security number, name, address, phone number, persons they had contact with and test results. These people are everywhere—some countries are a bit more represented or make it easier to do so, but it is happening everywhere.

That’s quite scary. And throwawaysea agrees:

 That’s quite scary. I wonder if something like this is possible at Google or Microsoft or Yahoo? Even if multiple people need to approve that kind of access, it must be possible to socially overcome those barriers (via influence, bribery, etc.) if the right actors can be identified. It would be preferable to have control over this from the user side.

Something must be done! But guruevi defends the status quo:

 At some point you have to give someone the keys. Many of us have access to data centers with millions of dollars of equipment and potentially billions of dollars of information. There are hundreds of ways to sniff network traffic or compromise servers without any passwords if you have physical access.

It doesn’t matter that you have the latest and greatest firewalls and intrusion detection. Someone will have to reset the passwords, someone will have to create the user accounts.

Perhaps Yandex’s response was commendable? Well, u/conditae certainly seems to think so:

 An internal investigation caught the leak and they were quick to react. In comparison, I lost my Yahoo account due to “suspicious activity” and only TWO years later they had admitted to being hacked. … I was able to confirm that my account was (permanently!) suspended because of being in the hacked batch and not because of something I had done.

For anyone thinking logically, it would be safe to deduce that the Russians were more transparent and responsible than the Americans in this case.

The moral of the story? Here’s rtb61:

 People with passwords: Pay them real well. They basically hold the corporation’s life in their hands.

[But] access to email account? Really odd. … Sounds more like commercial and industrial espionage. The pattern behind the selections of the exposed users could reveal a lot.

Every nation in the world faces that problem. The tech people with the keys are paid a whole lot less than the bean counters at the top, and this presents real security problems, which has been exposed repeatedly … and will continue to be in the future. The bribes can be massive, as billions can be made: you know, crash a tech company’s security and its stock price will crash and its competitors’ stock prices will rise. A lot of money in puts and shorts, using insiders to create that rise and fall in tech corporation share values.

Meanwhile, u/thedude213 simply scoffs, slightly sarcastically:

 Sketchiest site on the open web does sketchy ****: Story at 11.

And Finally:

More drivel from Justin Mason

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Eduardo Casajús Gorostiaga (via Unsplash)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
