Russian search engine, email provider, and ride-hailing company Yandex have suffered a data breach initiated by one of its employees. A company’s press statement indicates that the unnamed employee was selling access to user email accounts for personal gains.
Yandex breach came to light during a routine security check. The incident has affected a total of 4,887 accounts.
The firm confirms that the employee in question was among the three system administrators with clearance to access rights to offer technical support for the service.
Yandex also highlights the mitigation measures put in place following the breach. The statement notes that:
“Yandex’s security team has already blocked unauthorized access to the compromised mailboxes. We have contacted the mailbox owners to alert them about the breach, and they have been informed of the need to change their account passwords.”
As a result of the breach, Yandex will make changes to the administrative access procedure to increase user data security. At the same time Yandex has also contacted law enforcement.
The breach comes barely a week after Yandex announced plans to launch a non-cash payment service dubbed Yandex Pay. Yandex Pay will be available on Yandex web pages.
Yandex Regin malware attack
This is the second high profile breach to affect Yandex in about two years. Towards late 2018, it emerged that Western Intelligence operatives infiltrated Yandex with the Regin malware.
The malware allegedly intended to spy on user accounts. Yandex acknowledged the attack stating it was detected and neutralized before further damage.