Tuesday, October 15, 2024
HomeCyber Security NewsYandex Denies Hack - Source Code Leaked on Popular Hacking Forum

Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

Published on

Malware protection

The source code of Yandex, the largest IT company in Russia and commonly referred to as the Russian Google, was hacked by attackers.

On a well-known hacker site, a Yandex source code repository purportedly stolen by a former employee of the Russian technology giant was leaked as a torrent.

Specifics of the Yandex Data Leak

A magnet link with 44.7 GB of files purported to be from “Yandex git sources” that were allegedly taken from the company in July 2022 was shared by the leaker yesterday. 

- Advertisement - SIEM as a Service

Apart from anti-spam guidelines, these code repositories are said to contain all the company’s source code.

Yandex repository leaked on hacker forums
Yandex repository leaked on hacker forums

Arseniy Shestakov, a researcher who claims to have investigated data leaks, states that the leaked Yandex Git repository includes technical data and code about the products such as:

  • Yandex search engine and indexing bot
  • Yandex Maps
  • Alice (AI assistant)
  • Yandex Taxi
  • Yandex Direct (ads service)
  • Yandex Mail
  • Yandex Disk (cloud storage service)
  • Yandex Market
  • Yandex Travel (travel booking platform)
  • Yandex360 (workspaces service)
  • Yandex Cloud
  • Yandex Pay (payment processing service)
  • Yandex Metrika (internet analytics)

“There are at least some API keys, but they are likely only been used for testing deployment only,” according to Shestakov.

The company informed Russian media that it was aware of the leak and that an inquiry had been started to determine how “fragments of the source code” ended up in the public domain.

Moreover, Yandex emphasized that the company was not “hacked” because the leaked files only contained code fragments from an internal repository that utilized different data from the repository’s most recent version.

Yandex was not hacked. Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services”.

“A repository is a tool for storing and working with code. Code is used in this way internally by most companies”.

“Repositories are needed to work with code and are not intended for the storage of personal user data. We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but we do not see any threat to user data or platform performance.”, Yandex.

A former senior systems administrator, deputy chief of development, and director of spreading technologies at Yandex,  Grigory Bakunov said the data breach was motivated by politics, and the rogue Yandex employee who was in charge of it didn’t try to sell the code to competitive firms.

He continued by saying that as the breach does not include any customer information, neither does it directly harm the privacy or security of Yandex customers or pose a threat to confidential or proprietary information.

“Yandex uses a monorepo structure called ‘Arcadia,’ but not all of the company’s services use it. Also, even just to build a service, you need a lot of internal tools and special knowledge, as standard building procedures do not apply.

The leaked repository contains only code; the other important part is data. Key parts, like model weights for neural networks, etc., are absent, so it’s almost useless.

Still, there are a lot of interesting files with names like “blacklist.txt” that could potentially expose working services”.

But according to Bakunov, the exposed code gives hackers the chance to find security holes and craft specialised exploits. Bakunov thinks it’s just a matter of time. Hence, a complete study of the disclosed code may reveal potential vulnerabilities at Yandex for threat actors.

Network Security Checklist – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...