Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

The source code of Yandex, the largest IT company in Russia and commonly referred to as the Russian Google, was hacked by attackers.

On a well-known hacker site, a Yandex source code repository purportedly stolen by a former employee of the Russian technology giant was leaked as a torrent.

Specifics of the Yandex Data Leak

A magnet link with 44.7 GB of files purported to be from “Yandex git sources” that were allegedly taken from the company in July 2022 was shared by the leaker yesterday. 

Apart from anti-spam guidelines, these code repositories are said to contain all the company’s source code.

Yandex repository leaked on hacker forums

Arseniy Shestakov, a researcher who claims to have investigated data leaks, states that the leaked Yandex Git repository includes technical data and code about the products such as:

  • Yandex search engine and indexing bot
  • Yandex Maps
  • Alice (AI assistant)
  • Yandex Taxi
  • Yandex Direct (ads service)
  • Yandex Mail
  • Yandex Disk (cloud storage service)
  • Yandex Market
  • Yandex Travel (travel booking platform)
  • Yandex360 (workspaces service)
  • Yandex Cloud
  • Yandex Pay (payment processing service)
  • Yandex Metrika (internet analytics)

“There are at least some API keys, but they are likely only been used for testing deployment only,” according to Shestakov.

The company informed Russian media that it was aware of the leak and that an inquiry had been started to determine how “fragments of the source code” ended up in the public domain.

Moreover, Yandex emphasized that the company was not “hacked” because the leaked files only contained code fragments from an internal repository that utilized different data from the repository’s most recent version.

Yandex was not hacked. Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services”.

“A repository is a tool for storing and working with code. Code is used in this way internally by most companies”.

“Repositories are needed to work with code and are not intended for the storage of personal user data. We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but we do not see any threat to user data or platform performance.”, Yandex.

A former senior systems administrator, deputy chief of development, and director of spreading technologies at Yandex,  Grigory Bakunov said the data breach was motivated by politics, and the rogue Yandex employee who was in charge of it didn’t try to sell the code to competitive firms.

He continued by saying that as the breach does not include any customer information, neither does it directly harm the privacy or security of Yandex customers or pose a threat to confidential or proprietary information.

“Yandex uses a monorepo structure called ‘Arcadia,’ but not all of the company’s services use it. Also, even just to build a service, you need a lot of internal tools and special knowledge, as standard building procedures do not apply.

The leaked repository contains only code; the other important part is data. Key parts, like model weights for neural networks, etc., are absent, so it’s almost useless.

Still, there are a lot of interesting files with names like “blacklist.txt” that could potentially expose working services”.

But according to Bakunov, the exposed code gives hackers the chance to find security holes and craft specialised exploits. Bakunov thinks it’s just a matter of time. Hence, a complete study of the disclosed code may reveal potential vulnerabilities at Yandex for threat actors.

Network Security Checklist – Download Free E-Book

Guru baran

Recent Posts

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own cloud vulnerabilities in their catalog. CVE-2023-6345 …

22 hours ago

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense for initial access. Qlik Sense is…

2 days ago

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer malware, and its new variant was being marketed in…

2 days ago

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was carried out, specifically targeting hotels and…

2 days ago

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical vulnerability that threat actors could potentially…

2 days ago

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious links within seemingly legitimate payment requests. …

3 days ago