Yandex employee committed violations against 4,887 clients
Yandex employee committed violations against 4,887 clients

Russian search engine, Netherlands-based messaging and trip-sharing provider Yandex discovered a data breach that resulted in 4,887 email accounts of its users being compromised.

The company blamed the incident on an anonymous employee who had unauthorized access to users' emails for personal use.

"An employee is one of three system administrators who have the necessary access rights to provide technical support for the service," Yandex said in a statement.

The company said its security team discovered the vulnerability during a routine check of its system. There was no indication that the user's payment details were compromised during the incident and that the owner of the affected email was required to change their password.

It is not clear when the violation occurred or when employees began granting unauthorized outside access.

Yandex said: We are conducting a full internal investigation of the incident and will also make changes to administrative access procedures to reduce the possibility that people will be at risk in the security of user data in the future.

It should be noted that this is not the first time that a technology company has been exposed to internal threats that can lead to financial loss.

Telesforo Aviles, a former technician at security company ADT, pleaded guilty to the fraud and repeatedly broke into cameras he installed and photographed clients last month and was fired from the company in April 2020.

Last December, a former Cisco engineer (Sudhesh Kassaba Ramesh) was sentenced to 24 months in prison for deleting 16,000 Webex accounts without permission, costing the company more than $ 2.4 million.

Last October, Amazon laid off an employee who provided a customer name and email address to a third party.

Cybersecurity company Trend Micro announced in November 2019 that an employee had sold 68,000 customer data to cybercriminals and then used that data to target customers with fraudulent calls disguised as Trend Micro support agents.

Previous Post Next Post