A Yandex source code repository, apparently taken by a former employee of the Russian IT giant, has been published on a prominent cybercrime forum. The leaker posted a magnet link to what they assert are “Yandex git sources,” comprising 44.7 gigabytes of data taken from the company in July 2022. The repositories are said to include all of the company’s source code, with the exception of the anti-spam rules.
The alleged “Yandex git sources” can be accessed through a magnet link included in the notice posted on BreachForums. The threat actor behind the post states that they received the 44.7 GB of data in July 2022, and the dates on all of the files go back to February 24th, 2022 (the date of the Russian invasion of Ukraine). The threat actor asserts that the repositories contain all of the source code, with the exception of the anti-spam rules.
Researcher Arseniy Shestakov recently released a comprehensive analysis of the leaked repository, which appears to include the source code for all of Yandex’s most important services, including the following:
- Search Engine and Indexing Bot
- Maps – Like Google Maps and Street View
- Alice – AI assistant like Siri / Alexa
- Taxi – Uber-like taxi service
- Direct – Ads service like Google Ads / AdWords
- Mail – Mail service like Gmail
- Disk – File storage service like Google Drive
- Market – Marketplace like Amazon
- Travel – Like Booking.com, plus airplane, train and bus tickets
- Yandex360 – Like Google Workspace for services on your own domain
- Cloud – Probably not all infrastructure code was leaked.
- Pay – Payment processing like Stripe, but with a limited set of features
- Metrika – Like Google Analytics
Shestakov also uploaded a directory listing of the leaked files to GitHub, making it possible for anyone interested to examine what was exposed.
Regarding the data that was compromised, Shestakov said, “There are at least some API keys, although it’s probable that they’ve simply been used for testing deployment.”
The breach does not include any customer data, so it does not pose a direct danger to the privacy or security of Yandex users. Additionally, the leak does not pose an immediate threat of exposing Yandex’s unique technology. This information was provided by a former top executive.