The system administrator of Russian company sold thousands of user email accounts.
Yandex Suffers Data Breach
During routine screening, Yandex identified a data breach — an employee provided unauthorized access to users’ mailboxes for personal gain.
A largest internet, the leading search and ride-hailing provider in Russia, announced a data breach in a press release.
However, Yandex’s security team identified that an employee providing access to users mailbox “for personal gain.”
In addition, an employee — one of three system administrators, whose name not disclosed , with the necessary access rights to provide technical support” for its Yandex.Mail service.
Yandex internal security team discovered the incident during a “routine screening“.
On the other hand, there are mentioned 4,887 mailboxes were compromised.
Fortunately, No payment details compromised in the breach, the company added in press release.
Now, the company is in process for of notifying the owners of the 4,887 mailboxes. Also, recommending their users to change their passwords immediately.
Yandex’s security team has already blocked unauthorized access to the compromised mailboxes.
Moreover, the company is also making changes to administrative access procedures. This will help minimize the possibility of insider threat actors in future.