>
Russian internet giant Yandex has denied it suffered a cyber-attack after some of its internal source code was posted online.
The leaker posted 44.7 GB of files, which they say are “Yandex git sources”, as Torrent on a known hacker forum, presumably containing much of the company’s source code.
The files are said to date back to February 2022, and while the leak contains some API keys, it is believed they were only used for testing the implementation.
Fake help desk emails
BleepingComputer reports that a initial analysis of the files (opens in new tab) by software engineer Arseniy Shestakov noted that technical data and code for many of Yandex’s top products appeared to be included.
Mail, Disk and Yandex Pay – the company’s email, cloud storage and payment processing services, respectively – were among the affected platforms. Oddly, however, the anti-spam rules weren’t.
Yandex denied that its systems had been hacked, instead blaming a former employee for leaking the source code repository.
“Yandex has not been hacked. Our security service found code snippets from an internal public domain repository, but the contents differ from the current version of the repository used in Yandex services,” the company told BleepingComputer in a statement.
“We are conducting an internal investigation into the reasons for releasing source code snippets to the public, but we see no threat to user data or platform performance.”
The news comes shortly after Britain’s National Cyber Security Center (NCSC) issued a warning about ongoing cyber-attacks by Russian and Iranian hacker groups.
While the two groups appear to have no collusion, they are separately attacking the same types of organizations, including last year government agencies, NGOs, and those in the defense and education sectors, as well as individuals such as politicians, journalists, and activists.
Through: Beeping computer (opens in new tab)