Putin says visit to Greece to boost cooperationRussian Politics & Diplomacy June 01, 8:34
President Putin to kick off volunteer recruitment campaign for 2018 World Cup June 1Sport June 01, 7:08
Death toll in stairwell collapse in Siberia reaches twoSociety & Culture June 01, 6:09
Russian warplanes hit IS oil facilities near Syria’s Raqqa — Russian defense ministryWorld June 01, 3:16
Bolshoi’s ex-soloist convicted of acid attack released on parole - lawyerSociety & Culture May 31, 23:30
CNPC may enter board of directors of Rosneft if it takes part in company’s privatizationBusiness & Economy May 31, 21:40
Russia calls on foreign partners to create united front to fight terrorism — diplomatRussian Politics & Diplomacy May 31, 21:34
Italian opposition party prepares resolution on Crimea’s status in TuscanyWorld May 31, 21:29
German Foreign Ministry confirms Transdniestrian settlement talks in BerlinWorld May 31, 20:55
MOSCOW, September 08. /ITAR-TASS/. A list of passwords of more than 1 million users of e-mail resource of Russia’s Yandex has leaked out, one of the authors of a resource HabraHabr said Monday.
“A base of e-mail addresses with passwords from Yandex e-mail boxes has been released today on a rather known resource. The base is a text document containing 1 million positions,” the author said.
The Federal Service for Communications, IT, and Mass Communication Oversight will check the leak if it receives corresponding complaints from users.
“Passwords themselves are not personal data of users, because they could not help to identify a person. But if users think that their personal data was not duly protected they can address the service, and it will conduct a check on requests,” the watchdog’s spokesman Vadim Ampelonsky said.
Yandex said that 85% of the leaked passwords from e-mail boxes were either out of use or created by robots. “We had already known about 85% of the compromised accounts: most of them have already popped up in similar lists for several years. We have warned their owners and offered them to change passwords, but they have not done it. It means that such accounts are either abandoned, or were created by robots,” Yandex said in a statement.
The company cancelled the passwords for the owners of the remaining 15% of the compromised accounts so that they change them. “It is not a matter of breaking into Yandex’ infrastructure; the data became known to perpetrators as a result of fishing or a virus activity on infected computers of some of users. It is not a targeted attack, but a result of assembling of compromised accounts during a long period of time,” the company said.
The publication of the data could have resulted from a break-in into Yandex’ system or an internal leakage, Andrei Zerenkov, an information security consultant at Symantec, said. He added that the number of the passwords is too large to call it a fishing or virus attack.
“The quantity of the victims, whose data got into public access, was too large for a fishing attack, which went unnoticed by several companies-leaders of the information security market. A virus attack would have been traced much earlier. Of course, the list might have been drawn for more than a year and even by a group of people, but the rationale for making the data public is unclear,” Zerenkov said. “Usually, such publications are a result of a leak, rather than a long and careful work with a hidden target, more often of a criminal character,” he said.
Vladimir Zagrebelin, executive director of Group IB, did not rule out that the perpetrators could have purchased the data from shadow resources to discriminate Yandex. The reason may be voiced either by Yandex itself or by an independent investigation.
Yandex owns Russia’s most popular Internet search engine and the Internet portal. The company is owned by its CEO Arkady Volozh, investment company Baring Vostok Capital Partners, and others. Yandex’ capitalization amounts to $10 billion on the NASDAQ exchange.