Russian lawmaker: Relations between countries should not affect fight against terrorismRussian Politics & Diplomacy June 29, 8:33
Istanbul terrorist attack kills 36 peopleWorld June 29, 3:35
Analysts: Turkish president would like to mend relations with Moscow, save faceWorld June 28, 21:56
Diplomat sees no signs NATO will reckon with Russia’s legitimate security interestsRussian Politics & Diplomacy June 28, 21:51
Russian envoy believes Brexit may impact NATORussian Politics & Diplomacy June 28, 21:29
Russia-Indonesia trade turnover totaled $770 mln in Jan-Apr 2016 — ambassadorBusiness & Economy June 28, 20:57
Russian parliament speaker does not rule out Turkey apologized under partners’ pressureRussian Politics & Diplomacy June 28, 20:20
Turkey ready to consider compensation to killed Russian pilot’s family — spokesmanWorld June 28, 19:27
Ten Russian athletes filed 2016 Rio Games applications with IAAFSport June 28, 19:10
MOSCOW, September 08. /ITAR-TASS/. A list of passwords of more than 1 million users of e-mail resource of Russia’s Yandex has leaked out, one of the authors of a resource HabraHabr said Monday.
“A base of e-mail addresses with passwords from Yandex e-mail boxes has been released today on a rather known resource. The base is a text document containing 1 million positions,” the author said.
The Federal Service for Communications, IT, and Mass Communication Oversight will check the leak if it receives corresponding complaints from users.
“Passwords themselves are not personal data of users, because they could not help to identify a person. But if users think that their personal data was not duly protected they can address the service, and it will conduct a check on requests,” the watchdog’s spokesman Vadim Ampelonsky said.
Yandex said that 85% of the leaked passwords from e-mail boxes were either out of use or created by robots. “We had already known about 85% of the compromised accounts: most of them have already popped up in similar lists for several years. We have warned their owners and offered them to change passwords, but they have not done it. It means that such accounts are either abandoned, or were created by robots,” Yandex said in a statement.
The company cancelled the passwords for the owners of the remaining 15% of the compromised accounts so that they change them. “It is not a matter of breaking into Yandex’ infrastructure; the data became known to perpetrators as a result of fishing or a virus activity on infected computers of some of users. It is not a targeted attack, but a result of assembling of compromised accounts during a long period of time,” the company said.
The publication of the data could have resulted from a break-in into Yandex’ system or an internal leakage, Andrei Zerenkov, an information security consultant at Symantec, said. He added that the number of the passwords is too large to call it a fishing or virus attack.
“The quantity of the victims, whose data got into public access, was too large for a fishing attack, which went unnoticed by several companies-leaders of the information security market. A virus attack would have been traced much earlier. Of course, the list might have been drawn for more than a year and even by a group of people, but the rationale for making the data public is unclear,” Zerenkov said. “Usually, such publications are a result of a leak, rather than a long and careful work with a hidden target, more often of a criminal character,” he said.
Vladimir Zagrebelin, executive director of Group IB, did not rule out that the perpetrators could have purchased the data from shadow resources to discriminate Yandex. The reason may be voiced either by Yandex itself or by an independent investigation.
Yandex owns Russia’s most popular Internet search engine and the Internet portal. The company is owned by its CEO Arkady Volozh, investment company Baring Vostok Capital Partners, and others. Yandex’ capitalization amounts to $10 billion on the NASDAQ exchange.