
Yandex Suffers Data Breach, Exposes Email Accounts

 

Russian internet and search company Yandex announced on Friday that one of its system administrators had enabled unauthorized access to a large number of client mailboxes. The company discovered the breach internally, during a routine check by its security team. The investigation found that the employee's actions led to the compromise of almost 5,000 Yandex email inboxes. Yandex said the employee was one of three system administrators who had the access privileges needed to provide technical support for mailboxes.

“A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures,” said Yandex’s Friday security advisory. “This will help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.” 

According to Verizon's 2020 Data Breach Investigations Report (DBIR), internal actors were behind 30% of breaches (with the majority, 70%, coming from external actors). An insider incident can leave an organization facing not only financial or brand damage but also a loss of trust from its clients. In a recent January case, for example, a former ADT employee was found to have added his own email address to the accounts of attractive women so that he could have around-the-clock access to their most private moments. In December, a former Cisco Systems employee was sentenced to two years in prison after hacking into the networking company's cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. And in October, Amazon fired an employee who shared clients' names and email addresses with a third party.

“Yandex’s security team has already blocked unauthorized access to the compromised mailboxes,” the company says, adding that the owners have been notified of the breach and told that they need to change their account passwords. Following the incident, Yandex will change its administrative access procedure to improve the security of client information. According to the company, payment details have not been affected. While this data breach deserves serious scrutiny, Yandex faced a graver threat in the past, when Western intelligence agencies compromised its systems with Regin malware.

That attack occurred between October and November 2018 and targeted technical information about user account authentication, Reuters reported at the time. Yandex acknowledged the attack and said that it was detected and neutralized before it caused any harm.

Yandex.Money to reissue customer cards after hacking


The electronic payment service Yandex.Money will reissue the cards of customers who had stored their card data on one of the hacked servers.

Earlier, a Telegram channel reported that attackers had obtained a full database dump from a network of electronic money exchangers. According to the channel, they are trying to sell the dump, which contains logins, names, addresses, partially decrypted passwords of user wallet IDs, card numbers and their balances, for 50 thousand dollars.

According to Yandex representatives, all of the information was taken from a third-party server through which users exchanged funds. After checking, Yandex found that a private website had been hacked.

It’s important to note that scammers will not be able to use payment information, since all transactions require a number of actions confirming the operation.

"All wallet transactions require a payment password, card transactions also require 3Ds confirmation, but in any case, we will reissue all cards whose details have been made public," the company said.

QIWI Technical Director Kirill Ermakov said that the leak is not related to any compromise of QIWI databases and does not pose a threat to users.

"The data of third-party services that are not related to QIWI were leaked. We take the protection of personal data of our customers very seriously and constantly inform customers that they cannot leave their personal data and the data used to enter their personal account on third-party resources," he said.

Last week, hackers posted an offer to sell card data of Sberbank customers. The authors of the announcement stated that their database contains 60 million entries. Initially, the bank confirmed that the data of 200 customers had leaked, but later Sberbank admitted that the leak affected 5 thousand customers. According to the credit institution, their data is safe. Sberbank identified a suspect in the leak: an employee of the bank.

Yandex responded to a Reuters article on hacking by Western intelligence agencies


Russian Internet giant Yandex reported that hackers working for Western intelligence had access to the company's systems for several weeks. Yandex stated that the hacking attempt was neutralized immediately.

Yandex claims that the hackers did not get access to user data and that the attack did not cause any damage. Sana Paritova, the head of corporate communications at Yandex, stated, "We can assure you that the attackers are unable to access data of users of Yandex services."
Yandex specialists “promptly identified and neutralized at the beginning” the hacking attempt.

The company stated, “Yandex, as well as all the major Internet companies, is regularly confronted with various types of cyber threats. Our corporate policy does not imply the dissemination of detailed information about such cases.”

Reuters had reported that in October or November 2018, hackers working for Western intelligence services hacked the company in order to spy on user accounts. According to the agency, employees of Western intelligence agencies installed a malicious program, Regin, which is used by the Five Eyes alliance. This program allows them to impersonate users and access their messages.

The malicious software involved in the hacking is used by the United States, the United Kingdom, Australia, New Zealand and Canada. It was not possible to determine which country was behind the attack.

The article states that the hackers were interested in technical information that would allow them to understand how Yandex identifies user accounts. With it, foreign intelligence could impersonate a user and gain access to their messages. The ultimate goal of the hacking was espionage; it was not an attempt to steal intellectual property.

Sources also said that hackers had access to Yandex systems for at least a couple of weeks.

The company turned to Kaspersky Lab, which found that the target of the attack was a group of Yandex developers.

Yandex works in the field of information technology. It owns the eponymous Internet search engine, an Internet portal and a number of different information services.

EhackingNews reported earlier that cyber attacks using the Troldesh encryption virus, also known as Shade, XTBL, Trojan.Encoder.858, Da Vinci and No_more_ransome, have again increased in Russia.

Yandex announced the prevention of a large and very dangerous cyber attack


Greg Abovskii, the operational and financial director of Yandex, spoke about the prevention of a planned and dangerous cyber attack on the Internet company. According to him, it had been planned for a very long time and was very dangerous.

Working together with Kaspersky Lab specialists, Yandex specialists managed to find and halt the attackers' actions.

Abovskii said, "Only by working together were we able to prevent, identify, isolate a cyber attack."

According to him, it is important for the Department of Information Security that experts work together and cooperate with each other.

The press service of Yandex reported, "Sometimes these attacks are well-prepared, but we care about the security of user data and use all available tools to protect, including cooperation with specialists. We can’t disclose details of this attack, but we can say that user data were not affected."

It is worth noting that it became known this week that the Federal Security Service (FSB) had demanded the encryption keys for the Yandex.Disk and Yandex.Mail services. This happened a few months ago, but Yandex has still not fulfilled the requirements of the security forces.

The Russian Deputy Prime Minister Maxim Akimov promised that the Government would protect Yandex from excessive administrative pressure. According to the official, the Government will do everything possible to ensure that Russian companies, which are global leaders in some important areas, are not affected. He noted that Yandex is important not only for the national but also for the global economy.

Yandex.Mail and Yandex.Disk are included in the register of organizers of information distribution. Under the law of the Russian Federation, special services can, upon request, obtain the data needed to decrypt the messages of their users. Such requirements must be fulfilled within 10 days.

On June 4, the press service of Yandex stated that the company is against the violation of data privacy.

Recall that in 2018, the Court blocked the Telegram Messenger on the territory of Russia for refusing to provide encryption keys to Russian security agencies.

Hackers used the Roskomnadzor registry for attacks on Yandex


A few days ago, Yandex and several other major Russian resources were subjected to a powerful DNS attack. The attackers used vulnerabilities in the system for blocking sites.

"Any company and any website can suffer from such actions," said a representative of the Press Service of Yandex.

The attack was made possible by a vulnerability discovered in Roskomnadzor's website-blocking system. The attackers carried out the attack through DNS, changing entries in the domain name system: they linked the addresses of the newly targeted sites to already blocked domains. In this way they managed to restrict access to the pages.

As a result, some user services were extremely slow. This was because many operators routed all traffic to these pages through a Deep Packet Inspection (DPI) system.

The blocking of Yandex's IP addresses was avoided, as the company's employees successfully repelled the attack over several days. The publication suggested that the hacker attack could be associated with the adoption of the law on the sustainability of the Runet: the problems were fixed during the rally.

The vulnerability exploited by the attackers has been known since 2017.

*Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)