Yandex internal security team uncovers data breach
Yandex (NASDAQ and MOEX: YNDX), one of Europe’s largest internet companies and the leading search and ride-hailing provider in Russia, today announced that a data breach had been discovered during routine screening by Yandex’s security team.
0
External
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
An internal investigation revealed that an employee had been providing unauthorized access to users’ mailboxes for personal gain. The employee was one of three system administrators with the necessary access rights to provide technical support for the service. As a result of his actions, 4,887 mailboxes were compromised. No payment details held by Yandex were compromised.
Yandex’s security team has already blocked unauthorized access to the compromised mailboxes. We have contacted the mailbox owners to alert them about the breach and they have been informed of the need to change their account passwords.
A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures. This will help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.
We apologize to the users who have been affected by this incident.