Figure skating pairs competition excluded from schedule of 2017 Winter UniversiadeSport January 16, 20:34
DPR top diplomat blames Kiev for dodging discussion of Steinmeier formula implementationWorld January 16, 20:14
IMF maintains forecast for global economy growth in 2017 at 3.4%Business & Economy January 16, 19:45
Six more settlements join Syria ceasefire regime — Defense MinistryWorld January 16, 19:22
Foreign Ministry: Washington initiating new arms race in EuropeRussian Politics & Diplomacy January 16, 19:15
Diplomat says anti-terror efforts must not be hostage to political ambitionsRussian Politics & Diplomacy January 16, 19:08
Russian football team to use training camp abroad for 2017 FIFA Confederations CupSport January 16, 19:00
Russia's Nornickel to present social, economic projects at Arctic forumBusiness & Economy January 16, 18:51
IMF expects oil prices to grow by almost 20% in 2017Business & Economy January 16, 18:39
MOSCOW, September 08. /ITAR-TASS/. A list of passwords of more than 1 million users of e-mail resource of Russia’s Yandex has leaked out, one of the authors of a resource HabraHabr said Monday.
“A base of e-mail addresses with passwords from Yandex e-mail boxes has been released today on a rather known resource. The base is a text document containing 1 million positions,” the author said.
The Federal Service for Communications, IT, and Mass Communication Oversight will check the leak if it receives corresponding complaints from users.
“Passwords themselves are not personal data of users, because they could not help to identify a person. But if users think that their personal data was not duly protected they can address the service, and it will conduct a check on requests,” the watchdog’s spokesman Vadim Ampelonsky said.
Yandex said that 85% of the leaked passwords from e-mail boxes were either out of use or created by robots. “We had already known about 85% of the compromised accounts: most of them have already popped up in similar lists for several years. We have warned their owners and offered them to change passwords, but they have not done it. It means that such accounts are either abandoned, or were created by robots,” Yandex said in a statement.
The company cancelled the passwords for the owners of the remaining 15% of the compromised accounts so that they change them. “It is not a matter of breaking into Yandex’ infrastructure; the data became known to perpetrators as a result of fishing or a virus activity on infected computers of some of users. It is not a targeted attack, but a result of assembling of compromised accounts during a long period of time,” the company said.
The publication of the data could have resulted from a break-in into Yandex’ system or an internal leakage, Andrei Zerenkov, an information security consultant at Symantec, said. He added that the number of the passwords is too large to call it a fishing or virus attack.
“The quantity of the victims, whose data got into public access, was too large for a fishing attack, which went unnoticed by several companies-leaders of the information security market. A virus attack would have been traced much earlier. Of course, the list might have been drawn for more than a year and even by a group of people, but the rationale for making the data public is unclear,” Zerenkov said. “Usually, such publications are a result of a leak, rather than a long and careful work with a hidden target, more often of a criminal character,” he said.
Vladimir Zagrebelin, executive director of Group IB, did not rule out that the perpetrators could have purchased the data from shadow resources to discriminate Yandex. The reason may be voiced either by Yandex itself or by an independent investigation.
Yandex owns Russia’s most popular Internet search engine and the Internet portal. The company is owned by its CEO Arkady Volozh, investment company Baring Vostok Capital Partners, and others. Yandex’ capitalization amounts to $10 billion on the NASDAQ exchange.