Monday, April 14, 2025
Follow us On Linkedin
HomeCyber Security NewsYandex Data Breach - Employee Caught Selling Access to User Accounts

Yandex Data Breach – Employee Caught Selling Access to User Accounts

Cyber Security NewsData Breach

Published on

By Gurubaran
Yandex Data Breach

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Yandex N.V. is a Russian Dutch-domiciled multinational corporation providing Internet-related products and services including transportation, search and information services, eCommerce, navigation, mobile applications, and online advertising. They provide over 70 services.

Yandex is the popular leading search engine and E-mail provider in Russia. They announced that a data breach had been discovered during routine screening by Yandex’s security team.

An internal investigation revealed that an employee had been providing unauthorized access to users’ mailboxes for personal gain.

- Advertisement - Google News

The company said, “The person was one of three system administrators with the essential access rights to provide technical support for the service”, Yandex said in a statement.

Therefore of his actions, 4,887 mailboxes were compromised. No payment details held by Yandex were compromised.

Yandex’s security team has already blocked unauthorized access to the compromised mailboxes. The company’s officials also contacted the mailbox owners to alert them about the breach and they have been informed of the need to change their account passwords.

Detailed Internal Investigation is in Progress

A thorough internal investigation of the incident is in progress, and Yandex will be making changes to administrative access procedures.

These revisions will facilitate to minimize the potential for individuals to compromise the security of user data in future.

The company stated that the breach was discovered during routine screening by Yandex’s security team.

It is said that there was no proof, to suggest that user payment data was accessed during the recent incident. It’s not clear when the breach occurred or when the employee began offering unauthorized access to third-parties.

As a result, the Russian company apologized to the users who have been affected by this incident. Yandex also has contacted law enforcement regarding the incident.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Antivirus Firm Exposed Internal Log data Generated by their Products

Spotify Hack – Over 300k Accounts Hacked in Credential Stuffing Attack

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyber Security News

BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks

A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight...
AI

EU’s GDPR Article 7 Poses New Challenges for Businesses To Secure AI-Generated Image Data

As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR),...
Cyber Attack

Morocco Investigation Major Data Breach Allegedly Claimed by Algerian Hackers

The National Social Security Fund (CNSS) of Morocco has confirmed that initial checks on...
Cyber Security News

Smishing Campaign Hits Toll Road Users with $5 Payment Scam

Cybersecurity researchers at Cisco Talos have uncovered a large-scale smishing campaign targeting toll road...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Cyber Security News

BPFDoor Malware Uses Reverse Shell to Expand Control Over Compromised Networks

A new wave of cyber espionage attacks has brought BPFDoor malware into the spotlight...
AI

EU’s GDPR Article 7 Poses New Challenges for Businesses To Secure AI-Generated Image Data

As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR),...
Cyber Attack

Morocco Investigation Major Data Breach Allegedly Claimed by Algerian Hackers

The National Social Security Fund (CNSS) of Morocco has confirmed that initial checks on...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved