Russian internet giant Yandex has denied it suffered a cyberattack after some of its internal source code was posted online.
The leaker posted 44.7GB worth of files, which they say are "Yandex git sources", as Torrent on a well-known hacker forum, with much of the company's source code believed to be included.
The files are thought to date back to February 2022, and although the leak does contain some API keys, these are only thought to have been used for testing deployment.
TechRadar Pro needs you! (opens in new tab) We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey (opens in new tab) and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.
D. Athow, Managing Editor
Fake help desk emails
BleepingComputer reports that an initial analysis of the files (opens in new tab) by software engineer Arseniy Shestakov noted that technical data and code for many of Yandex's top products appeared to be included.
Mail, Disk and Yandex Pay - the company's email, cloud storage and payment processing services respectively - were among the platforms affected. Oddly enough, though, its anti-spam rules were not.
> Scammers are spoofing official UK Government Energy Support Scheme websites (opens in new tab)
> Chinese government hackers apparently stole millions in Covid benefits (opens in new tab)
> Here's our list of the best ID theft protection tools right now (opens in new tab)
Yandex denied that its systems had been hacked, instead blaming a former employee for leaking the source code repository.
"Yandex was not hacked. Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services," the company told BleepingComputer in a statement.
"We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but we do not see any threat to user data or platform performance."
The news comes shortly after the UK's National Cyber Security Centre (NCSC) issued a warning over the continual cyberattacks perpetrated by Russian and Iranian hacker groups.
Although the two groups do not appear in be in collusion, they are separately attacking the same types of organizations, which last year included government bodies, NGOs, and those in the defense and education sectors, as well as individuals such politicians, journalists and activists.
- Here is our list of the best firewalls (opens in new tab) today
Via: BleepingComputer (opens in new tab)