Yandex Insider Breach Hits Nearly 5000 Inboxes

Russian internet giant Yandex has revealed that thousands of its customers had their accounts accessed due to a malicious insider working at the firm.

The Moscow-headquartered multi-national provides search, email, e-commerce and even ride-hailing services, and claims to have tens of millions of unique monthly users.

However, on Friday it noted in a brief statement that an employee had been selling access to users’ email accounts for personal gain.

“The employee was one of three system administrators with the necessary access rights to provide technical support for the service. As a result of his actions, 4887 mailboxes were compromised. No payment details held by Yandex were compromised,” it continued.

“Yandex’s security team has already blocked unauthorized access to the compromised mailboxes. We have contacted the mailbox owners to alert them about the breach and they have been informed of the need to change their account passwords.”

Yandex said an investigation is underway into the incident and that it will be making changes to its back-end access procedures, in order to “minimize the potential for individuals to compromise the security of user data in future.”

Insider threats are less common than attacks by malicious third parties, but often the damage can be worse as they are harder to spot. According to Verizon’s 2020 Data Breach Investigations Report, 30% of breaches it analyzed last year featured internal actors, although many of these will be down to negligence rather than malice. 

In a separate study from Egress a year ago, 75% of IT leaders said they believed employees have put data at risk intentionally, up 14% from 2019.