The “usagek” site provides you with news about a Yandex employee causing a breach of 4,887 customers, in a strange way.
The Netherlands-based Russian search engine, email service provider and ride-sharing Trips Yandex has committed a data breach that has hacked 4,887 email accounts of its users.
The company blamed the incident on an anonymous employee who was providing unauthorized access to users’ mail for personal gain.
Yandex employee does it
Yandex said in a statement: “Employee Service was one of three system administrators with the authority to provide technical support.
The company said the security breach was identified by its security team during a routine audit of its system, and there was no evidence that the user’s payment details were compromised during the incident, and that Affected mail owners were notified to change the password.
It is not immediately clear when the breach occurred or when the employee began providing unauthorized access to outsiders.
Yandex said: “We are conducting a comprehensive internal investigation into this incident, and are also making changes to the administrative access procedures, and this will help reduce the likelihood of individuals compromising the security of user data in the future.”
It is important to note that this is not the first time that technology companies have been confronted with internal risks that cause financial loss.
Security services company ADT Telesforro Evils, a former technician at the company, pleaded guilty last month to fraud and repeatedly videotaping his own cameras and clients, and was fired from the company in April 2020.
In December, a former Cisco engineer (Sudhish Kasaba Ramesh) was sentenced to 24 months in prison for deleting 16,000 Webex accounts without permission, costing the company more than 2. 2.4 million.
In October last year, Amazon fired an employee for sharing customer names and email addresses with a third party.
Cybersecurity firm Trend Micro revealed in November 2019 that an employee had sold 68,000 customer data to cybercriminals, who then used that data to target fraudulent customers by imitating Trend Micro support staff.