The source code of Yandex, the largest and commonly referred to as the Russian Google, was hacked by attackers.
On a well-known hacker forum, Yandex source code repository purportedly stolen by a former employee of the Russian technology giant was leaked as a torrent with a link of size 44.7GB is leaked.
The leaked Yandex Git repository includes technical data and code about the products such as:
- Yandex search engine and indexing bot
- Yandex Maps
- Alice (AI assistant)
- Yandex Taxi
- Yandex Direct (ads service)
- Yandex Mail
- Yandex Disk (cloud storage service)
- Yandex Market
- Yandex Travel (travel booking platform)
- Yandex360 (workspaces service)
- Yandex Cloud
- Yandex Pay (payment processing service)
- Yandex Metrika (internet analytics)
Yandex informed Russian media that it was aware of the leak and that an inquiry had been started to determine the source code leaked in the public domain.
Yandex also emphasized that it was not hacked because the leaked files only contained code fragments from an internal repository that utilized different data from the repository’s most recent version.
The breach does not include any customer information, neither does it directly harm the privacy or security of Yandex customers or pose a threat to confidential or proprietary information.
The exposed code gives hackers the chance to find security holes and craft specialised exploits. A complete study of the disclosed code may reveal potential vulnerabilities at Yandex for threat actors.