Zakharova: no cyberattack on Russian foreign ministry’s websiteRussian Politics & Diplomacy October 23, 18:29
Russia not ready to say whether it will cut oil production or freeze itBusiness & Economy October 23, 17:29
Experts probing into situation around cyberattack on Russian foreign ministry’s websiteRussian Politics & Diplomacy October 23, 17:05
Two bandits killed in special operation in Nizhny Novgorod - sourceWorld October 23, 15:15
S Arabian minister invites Russian counterpart to GCC oil ministers meetingBusiness & Economy October 23, 13:42
A family of eight killed in airstrike near Mosul - TVWorld October 23, 13:08
Kiev military launch more than 200 shells, destroy house in DonbassWorld October 23, 11:10
Rescuers evacuate 15 people from house hit by gas explosionSociety & Culture October 23, 11:07
Russian health minister says producing vaccines in Nicaragua is "very profitable"Society & Culture October 23, 7:36
MOSCOW, September 08. /ITAR-TASS/. A list of passwords of more than 1 million users of e-mail resource of Russia’s Yandex has leaked out, one of the authors of a resource HabraHabr said Monday.
“A base of e-mail addresses with passwords from Yandex e-mail boxes has been released today on a rather known resource. The base is a text document containing 1 million positions,” the author said.
The Federal Service for Communications, IT, and Mass Communication Oversight will check the leak if it receives corresponding complaints from users.
“Passwords themselves are not personal data of users, because they could not help to identify a person. But if users think that their personal data was not duly protected they can address the service, and it will conduct a check on requests,” the watchdog’s spokesman Vadim Ampelonsky said.
Yandex said that 85% of the leaked passwords from e-mail boxes were either out of use or created by robots. “We had already known about 85% of the compromised accounts: most of them have already popped up in similar lists for several years. We have warned their owners and offered them to change passwords, but they have not done it. It means that such accounts are either abandoned, or were created by robots,” Yandex said in a statement.
The company cancelled the passwords for the owners of the remaining 15% of the compromised accounts so that they change them. “It is not a matter of breaking into Yandex’ infrastructure; the data became known to perpetrators as a result of fishing or a virus activity on infected computers of some of users. It is not a targeted attack, but a result of assembling of compromised accounts during a long period of time,” the company said.
The publication of the data could have resulted from a break-in into Yandex’ system or an internal leakage, Andrei Zerenkov, an information security consultant at Symantec, said. He added that the number of the passwords is too large to call it a fishing or virus attack.
“The quantity of the victims, whose data got into public access, was too large for a fishing attack, which went unnoticed by several companies-leaders of the information security market. A virus attack would have been traced much earlier. Of course, the list might have been drawn for more than a year and even by a group of people, but the rationale for making the data public is unclear,” Zerenkov said. “Usually, such publications are a result of a leak, rather than a long and careful work with a hidden target, more often of a criminal character,” he said.
Vladimir Zagrebelin, executive director of Group IB, did not rule out that the perpetrators could have purchased the data from shadow resources to discriminate Yandex. The reason may be voiced either by Yandex itself or by an independent investigation.
Yandex owns Russia’s most popular Internet search engine and the Internet portal. The company is owned by its CEO Arkady Volozh, investment company Baring Vostok Capital Partners, and others. Yandex’ capitalization amounts to $10 billion on the NASDAQ exchange.