Sunday, June 15, 2025

Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum


The source code of Yandex, the largest IT company in Russia and commonly referred to as the Russian Google, was hacked by attackers.

On a well-known hacker site, a Yandex source code repository purportedly stolen by a former employee of the Russian technology giant was leaked as a torrent.

Specifics of the Yandex Data Leak

A magnet link with 44.7 GB of files purported to be from “Yandex git sources” that were allegedly taken from the company in July 2022 was shared by the leaker yesterday. 


Apart from anti-spam guidelines, these code repositories are said to contain all the company’s source code.

Yandex repository leaked on hacker forums

Arseniy Shestakov, a researcher who claims to have investigated data leaks, states that the leaked Yandex Git repository includes technical data and code for products such as:

  • Yandex search engine and indexing bot
  • Yandex Maps
  • Alice (AI assistant)
  • Yandex Taxi
  • Yandex Direct (ads service)
  • Yandex Mail
  • Yandex Disk (cloud storage service)
  • Yandex Market
  • Yandex Travel (travel booking platform)
  • Yandex360 (workspaces service)
  • Yandex Cloud
  • Yandex Pay (payment processing service)
  • Yandex Metrika (internet analytics)

“There are at least some API keys, but they have likely been used for testing deployment only,” according to Shestakov.

The company informed Russian media that it was aware of the leak and that an inquiry had been started to determine how “fragments of the source code” ended up in the public domain.

Moreover, Yandex emphasized that the company was not “hacked” because the leaked files only contained code fragments from an internal repository that utilized different data from the repository’s most recent version.

“Yandex was not hacked. Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services”.

“A repository is a tool for storing and working with code. Code is used in this way internally by most companies”.

“Repositories are needed to work with code and are not intended for the storage of personal user data. We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but we do not see any threat to user data or platform performance,” Yandex said.

Grigory Bakunov, a former senior systems administrator, deputy chief of development, and director of spreading technologies at Yandex, said the data breach was motivated by politics and that the rogue Yandex employee responsible for it did not try to sell the code to competing firms.

He added that because the breach does not include any customer information, it does not directly harm the privacy or security of Yandex customers or pose a threat to confidential or proprietary information.

“Yandex uses a monorepo structure called ‘Arcadia,’ but not all of the company’s services use it. Also, even just to build a service, you need a lot of internal tools and special knowledge, as standard building procedures do not apply.

The leaked repository contains only code; the other important part is data. Key parts, like model weights for neural networks, etc., are absent, so it’s almost useless.

Still, there are a lot of interesting files with names like “blacklist.txt” that could potentially expose working services”.

But according to Bakunov, the exposed code gives hackers the chance to find security holes and craft specialised exploits. Bakunov thinks it’s just a matter of time. Hence, a complete study of the disclosed code may reveal potential vulnerabilities at Yandex for threat actors.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
