Russian Tech Giant Yandex Hit by Insider Breach of Almost 5000 Customer Email Accounts
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Yandex announced that an employee sold access to almost 5,000 customer email accounts. The employee was a Yandex system administrator with administrative privileges to access to customer email accounts.
It is not known when the illegal access to Yandex accounts began, when the breach was discovered, or who was able to access the compromised accounts.
Yandex (NASDAQ and MOEX: YNDX) is one of Europe’s largest internet companies.
READ Russia Denies Responsibility for SolarWinds Cyberattack
“An internal investigation revealed that an employee had been providing unauthorized access to users’ mailboxes for personal gain,” said Yandex in a post on their website.
So, this was an inside job with no threat from external attackers.
According to the statement, no payment cards were compromised in the breach.
Yandex is based in Moscow and is Russia’s largest tech company. The company provides online search (Yandex.com), email, e-commerce and facilitates a ride-sharing service.
The email account holders have been informed of the security incident. All account holders were directed to change their passwords.
Insider Threats Happen
In July 2019, an Amazon Web Services (AWS) employee was charged with stealing 106 million credit cards. The compromised payment cards were lifted from Capital One cloud computing services.
How to Secure Your Email Account
This inbox breach was the work of an insider at Yandex employee who had administrative privileges to access customer accounts. Admin rights are necessary so the company can set up, manage, repair, and remove email accounts when needed.
To protect your email from attackers – always use a strong, original, and unique password. People often use the same password across multiple online logins which leaves them vulnerable to cybercriminals.
Don’t re-use the same password for all of your online accounts. When an attacker breaks into one online account (even something innocuous like a rewards program) they can use that same password to steal your money from your bank account. A password keeper can help you manage all of them.