Yandex's internal information leak exceeding 40 GB is an official comment that 'employees leaked', and a list of leaked files is also ant



On January 25, 2023, a hacker named borderline2023 reported that he had obtained a 44.71GB Git repository from Yandex, Russia's largest search site. Regarding this large-scale leak of internal information, Yandex announced a comment that 'the possibility of hacking is not considered and it is considered to be a leak by an employee.'

Yandex denies hack, blames source code leak on former employee
https://www.bleepingcomputer.com/news/security/yandex-denies-hack-blames-source-code-leak-on-former-employee/

Yandex Services Source Code Leak Arseniy Shestakov
https://arseniyshestakov.com/2023/01/26/yandex-services-source-code-leak/

Yandex is a major search site that is also called 'Russian Google', and like Google, it offers a variety of services such as map search, email service, and AI assistant. However, on January 25, 2023, a hacker named borderline2023 declared that he had obtained a 44.71GB Git repository from Yandex. Although the data obtained by borderline2023 did not include user data, it was talked about that it contained a large amount of data about Yandex's services.

Git repository of over 40 GB of Russian Google 'Yandex' leaked - GIGAZINE



Borderline2023 published the acquired data at the same time as the acquisition declaration of the Git repository. As a result of analyzing the published data by software engineer Arseniy Shestakov , it was found that the leaked data contained the source code of the following Yandex services.

・Yandex search engine and indexing bot
・Maps (map search service)
・Alice (AI assistant)
・Taxi (dispatch service)
・Direct (similar advertising system)
・Mail (free email service)
・Disk (cloud storage service)
・Market (online shop)
・Travel (travel support service)
・Yandex360 (a service that makes Yandex services available on its own domain)
・Metrika (website visitor analysis tool)

In addition to the above services, part of the source code of the payment service 'Pay' and the cloud computing service 'Cloud' has also been confirmed to have been leaked. Shestakov also publishes a list of leaked files on the following page.

File List for Yandex Source Code - FILENAMES ONLY! GitHub
https://gist.github.com/ArseniyShestakov/53a80e3214601aa20d1075872a1ea989



While a large-scale data leak became a hot topic, Yandex said to overseas media BleepingComputer, 'Yandex has not been hacked,' and admitted that a former employee leaked internal information. In addition, Grigory Bakunov , former senior system administrator at Yandex, said, ``The motivation for the data exfiltration was political, and the ex-employee who exfiltrated the data did not intend to sell the data to a competitor.'' ``The outflow data does not include user data and has no direct impact on user security or privacy, nor does it directly lead to the outflow of Yandex's proprietary technology.'

On the other hand, Mr. Bakunov also said, ``By analyzing the leaked data, hackers may identify vulnerabilities in Yandex and execute attacks,'' which is a security risk in the long run. acknowledge that it can occur.

in Security, Posted by log1o_hf