A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum.
The threat actor behind the post claimed to have obtained 44.7 GB of files in July 2022, all the files are dated back to 24 February 2022 (the date of the Russian invasion of Ukraine).
The leaked repository contained the source code for all major services of Yandex, including: Search Engine and Indexing Bot, Maps – Like Google Maps and Street View, Alice – AI assistant like Siri / Alexa, Taxi – Uber-like taxi service, Direct – Ads service like Google Ads / Adwords, Mail – Mail service like GMail, Disk – File storage service like Google drive, Market – Marketplace like Amazon, Travel – Like a Booking.com plus Airplane, Train and Bus tickets, Yandex360 – Like Google Workspaces for services on your own domain, Cloud – Probably not all infrastructure code was leaked., Pay – Payment processing like Stripe, but with a limited set of features, Metrika – Like Google Analytics.
The company started investigating the data leak, however, pointed out that user data were not compromised and platform performance was not impacted.
Source: https://securityaffairs.com/141382/data-breach/yandex-code-repositories-leaked.html
"id": "YAN21827123",
"linkid": "yandex",
"type": "Data Leak",
"date": "01/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"