Ukraine's National Broadcasting Board issues fine to Public Radio for 0% Urkainian songsWorld July 22, 5:39
Femen movement activists faces 5 years in jail for trying to frustrate summit meetingWorld July 22, 4:38
Russian Deputy PM dismisses allegations he will arrived in Moldova on warplaneRussian Politics & Diplomacy July 22, 2:46
Russian top diplomat shares his impressions from meeting with US leaderRussian Politics & Diplomacy July 21, 20:31
Lavrov bewildered US special services give no facts of Russia’s meddling in US electionRussian Politics & Diplomacy July 21, 19:46
Putin says USSR collapse had greatest impact on himSociety & Culture July 21, 18:37
Putin expects Russian-European Mars landing mission to crown with successScience & Space July 21, 18:21
Key facts about ExxonMobil and its business in RussiaBusiness & Economy July 21, 18:14
Nemtsov’s daughter appeals against verdict on her father’s murder with Supreme CourtSociety & Culture July 21, 18:03
MOSCOW, September 08. /ITAR-TASS/. A list of passwords of more than 1 million users of e-mail resource of Russia’s Yandex has leaked out, one of the authors of a resource HabraHabr said Monday.
“A base of e-mail addresses with passwords from Yandex e-mail boxes has been released today on a rather known resource. The base is a text document containing 1 million positions,” the author said.
The Federal Service for Communications, IT, and Mass Communication Oversight will check the leak if it receives corresponding complaints from users.
“Passwords themselves are not personal data of users, because they could not help to identify a person. But if users think that their personal data was not duly protected they can address the service, and it will conduct a check on requests,” the watchdog’s spokesman Vadim Ampelonsky said.
Yandex said that 85% of the leaked passwords from e-mail boxes were either out of use or created by robots. “We had already known about 85% of the compromised accounts: most of them have already popped up in similar lists for several years. We have warned their owners and offered them to change passwords, but they have not done it. It means that such accounts are either abandoned, or were created by robots,” Yandex said in a statement.
The company cancelled the passwords for the owners of the remaining 15% of the compromised accounts so that they change them. “It is not a matter of breaking into Yandex’ infrastructure; the data became known to perpetrators as a result of fishing or a virus activity on infected computers of some of users. It is not a targeted attack, but a result of assembling of compromised accounts during a long period of time,” the company said.
The publication of the data could have resulted from a break-in into Yandex’ system or an internal leakage, Andrei Zerenkov, an information security consultant at Symantec, said. He added that the number of the passwords is too large to call it a fishing or virus attack.
“The quantity of the victims, whose data got into public access, was too large for a fishing attack, which went unnoticed by several companies-leaders of the information security market. A virus attack would have been traced much earlier. Of course, the list might have been drawn for more than a year and even by a group of people, but the rationale for making the data public is unclear,” Zerenkov said. “Usually, such publications are a result of a leak, rather than a long and careful work with a hidden target, more often of a criminal character,” he said.
Vladimir Zagrebelin, executive director of Group IB, did not rule out that the perpetrators could have purchased the data from shadow resources to discriminate Yandex. The reason may be voiced either by Yandex itself or by an independent investigation.
Yandex owns Russia’s most popular Internet search engine and the Internet portal. The company is owned by its CEO Arkady Volozh, investment company Baring Vostok Capital Partners, and others. Yandex’ capitalization amounts to $10 billion on the NASDAQ exchange.