Russian internet giant Yandex has denied suffering a cyberattack after some of its internal source code was leaked online.
The leaker posted 44.7GB worth of files, which they say are “Yandex git sources,” as a torrent on a well-known hacking forum, presumably including much of the company’s source code.
The files are believed to date back to February 2022, and while the leak contains some API keys, these were presumably only used to test the deployment.
Fake helpdesk emails
BleepingComputer reports that a first analysis of the files (opens in new tab) by software engineer Arseniy Shestakov noted that specifications and code for many of Yandex’ top products appeared to be included.
Mail, Disk and Yandex Pay – the company’s mail, Cloud storage or payment processing services – were among the affected platforms. Oddly enough, the anti-spam rules weren’t.
Yandex denied that its systems had been hacked, instead accusing a former employee of leaking the source code repository.
“Yandex was not hacked. Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services,” the company BleepingComputer said in a statement.
“We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but see no threat to user data or platform performance.”
The news comes shortly after the UK’s National Cyber Security Center (NCSC) issued a warning about the constant cyberattacks being perpetrated by Russian and Iranian hacker groups.
Although the two groups do not appear to collude, they independently target the same types of organizations, which last year included government agencies, NGOs and organizations in the defense and education sectors, as well as individuals such as politicians, journalists and activists.
Above: Beeping computer (opens in new tab)
