Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

The source code of Yandex, the largest IT company in Russia and commonly referred to as the Russian Google, was hacked by attackers.

On a well-known hacker site, a Yandex source code repository purportedly stolen by a former employee of the Russian technology giant was leaked as a torrent.

Specifics of the Yandex Data Leak

A magnet link with 44.7 GB of files purported to be from “Yandex git sources” that were allegedly taken from the company in July 2022 was shared by the leaker yesterday. 

Apart from anti-spam guidelines, these code repositories are said to contain all the company’s source code.

Arseniy Shestakov, a researcher who claims to have investigated data leaks, states that the leaked Yandex Git repository includes technical data and code about the products such as:

• Yandex search engine and indexing bot
• Yandex Maps
• Alice (AI assistant)
• Yandex Taxi
• Yandex Direct (ads service)
• Yandex Mail
• Yandex Disk (cloud storage service)
• Yandex Market
• Yandex Travel (travel booking platform)
• Yandex360 (workspaces service)
• Yandex Cloud
• Yandex Pay (payment processing service)
• Yandex Metrika (internet analytics)

“There are at least some API keys, but they are likely only been used for testing deployment only,” according to Shestakov.

The company informed Russian media that it was aware of the leak and that an inquiry had been started to determine how “fragments of the source code” ended up in the public domain.

Moreover, Yandex emphasized that the company was not “hacked” because the leaked files only contained code fragments from an internal repository that utilized different data from the repository’s most recent version.

“Yandex was not hacked. Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services”.

“A repository is a tool for storing and working with code. Code is used in this way internally by most companies”.

“Repositories are needed to work with code and are not intended for the storage of personal user data. We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but we do not see any threat to user data or platform performance.”, Yandex.

A former senior systems administrator, deputy chief of development, and director of spreading technologies at Yandex,  Grigory Bakunov said the data breach was motivated by politics, and the rogue Yandex employee who was in charge of it didn’t try to sell the code to competitive firms.

He continued by saying that as the breach does not include any customer information, neither does it directly harm the privacy or security of Yandex customers or pose a threat to confidential or proprietary information.

“Yandex uses a monorepo structure called ‘Arcadia,’ but not all of the company’s services use it. Also, even just to build a service, you need a lot of internal tools and special knowledge, as standard building procedures do not apply.

The leaked repository contains only code; the other important part is data. Key parts, like model weights for neural networks, etc., are absent, so it’s almost useless.

Still, there are a lot of interesting files with names like “blacklist.txt” that could potentially expose working services”.

But according to Bakunov, the exposed code gives hackers the chance to find security holes and craft specialised exploits. Bakunov thinks it’s just a matter of time. Hence, a complete study of the disclosed code may reveal potential vulnerabilities at Yandex for threat actors.

Network Security Checklist – Download Free E-Book