0 %

Yandex Employee Caught Selling Access to Users’ Email Inboxes

February 15, 2021

Russian Dutch-domiciled search engine, ride-hailing and e mail service supplier Yandex on Friday disclosed an information breach that compromised 4,887 e mail accounts of its customers.

The corporate blamed the incident on an unnamed worker who had been offering unauthorized entry to the customers’ mailboxes for private achieve.

“The worker was certainly one of three system directors with the mandatory entry rights to offer technical help for the service,” Yandex mentioned in an announcement.

The corporate mentioned the safety breach was recognized throughout a routine audit of its techniques by its safety crew. It additionally mentioned there was no proof that person cost particulars have been compromised through the incident and that it had notified affected mailbox house owners to vary their passwords.

password auditor

It isn’t instantly clear when the breach occurred or when the worker started providing unauthorized entry to third-parties.

“An intensive inside investigation of the incident is below manner, and Yandex can be making modifications to administrative entry procedures,” the corporate said. “It will assist reduce the potential for people to compromise the safety of person information in future. The corporate has additionally contacted regulation enforcement.”

Insider Threats Proceed to Hit Corporations

This isn’t the primary time insider threats have plagued tech firms and resulted in monetary or reputational harm.

Final month, Telesforo Aviles, a 35-year-old former Dallas-based ADT technician, pled guilty to pc fraud and invasive visible recording for repeatedly breaking into cameras he put in and considered clients partaking in intercourse and different intimate acts. He was terminated from the agency in April 2020.

In December, former Cisco engineer Sudhish Kasaba Ramesh, 31, was sentenced to 24 months in prison for deleting 16,000 Webex accounts with out authorization, costing the corporate greater than $2.4 million, with $1,400,000 in worker time and $1,000,000 in buyer refunds.

In October final yr, Amazon fired an worker for sharing clients’ names and e mail addresses with a third-party.

And in November 2019, cybersecurity agency Development Micro revealed {that a} rogue worker bought the information of 68,000 clients to malicious cybercriminals, who then used that information to focus on clients with rip-off calls by posing as Development Micro help personnel.

Posted in SecurityTags:
Write a comment