Russian internet giant Yandex has denied that some of its internal source code was hacked after it was posted online.
Leakers have posted 44.7GB worth of files on a prominent hacking forum, which they describe as “Yandex git sources,” as a torrent that is believed to contain most of the company’s source code.
The files are believed to date back to February 2022, and while the leak does contain some API keys, these are believed to be for test deployments only.
fake help desk email
BleepingComputer reports that Preliminary Analysis of Documents (opens in a new tab) Software engineer Arseniy Shestakov noted that technical data and code for many of Yandex’s top products appears to be included.
Affected platforms include Mail, Disk, and Yandex Pay — the company’s email, cloud storage, and payment processing services, respectively. But oddly enough, its anti-spam rules aren’t.
Yandex denied that its systems had been hacked, instead accusing a former employee of leaking the source code repository.
“Yandex was not hacked. Our security services discovered code snippets from an internal repository in the public domain, but the content was different from the current version of the repository used in the Yandex service,” the company told BleepingComputer in a statement.
“We are conducting an internal investigation into the reasons for releasing the source code snippet to the public, but we do not see any threat to user data or platform performance.”
The news comes shortly after the UK’s National Cyber Security Center (NCSC) warned of ongoing cyberattacks by Russian and Iranian hacking groups.
While the two groups do not appear to be in collusion, they have separately targeted the same types of organizations, which last year included government agencies, NGOs, organizations in the defense and education sectors, as well as individuals such as politicians, journalists and activists.
pass: Beep computer (opens in a new tab)
