software engineering

Yandex employee causes a breach involving 4,887 customers

By Abdelaziz BENTALEB

The Netherlands-based Russian search engine, email service provider and ride-sharing trips Yandex has revealed a data breach that led to 4,887 email accounts of its users being hacked.

The company blamed the incident on an unnamed employee who was providing unauthorized access to users’ mail for personal gain. “The employee was one of three system administrators with the necessary access rights to provide technical support for the service,” Yandex said in a statement.

The company stated that the security breach was identified during a routine audit of its systems by its security team, and there is no evidence that the user’s payment details were compromised during the incident, and it informed the affected mail owners to change the passwords.

It is not immediately clear when the violation occurred or when the employee began providing unauthorized access to outside parties. Yandex said: We are conducting a comprehensive internal investigation into the incident, and are also making changes to administrative access procedures, and this helps reduce the possibility of individuals compromising the security of user data in the future.

It is noteworthy that this is not the first time that technology companies are plagued by internal threats that lead to financial damage.

Telesforo Aviles, a former technician at security services company ADT, pleaded guilty last month to fraud and repeatedly breaking into the cameras he installed and videotaping clients, and was fired from the company in April 2020.

In December, former Cisco engineer Sudhish Kasaba Ramesh was sentenced to 24 months in prison for deleting 16,000 Webex accounts without permission, costing the company more than $ 2.4 million.

In October of last year, Amazon fired an employee for sharing customer names and email addresses with a third party.

Cybersecurity firm Trend Micro revealed in November 2019 that an employee had sold 68,000 customer data to cybercriminals, who then used that data to target customers with fraud calls by impersonating Trend Micro support staff.

Post Views: 264
Related Articles
Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.