Yandex – one of Europe’s largest internet companies – is warning of a data breach that compromised 4,887 email accounts. The breach came from an insider threat.
In a security notice, Yandex said an employee had been providing unauthorised access to users’ email accounts “for personal gain.”
Yandex is the most-used search engine in Russia and the 5th most-popular search engine worldwide. Beyond its search engine, Yandex’s internet product line-up includes email services, online advertising, app analytics and more.
The company found that a Yandex employee had been providing unauthorised access to users’ mailboxes “for personal gain.” This employee was one of 3 system administrators who had the access privileges to provide technical support for mailboxes, Yandex said.
“A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures,” said the security advisory Yandex published last Friday. “This will help minimise the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.”
The company discovered the breach during a routine screening by its security team. Yandex stressed that no payment details were compromised and that it has already blocked the unauthorised access to the compromised mailboxes.
“We have contacted the mailbox owners to alert them about the breach and they have been informed of the need to change their account passwords,” the company said.
The data breach reflects an insider threat. This is a type of threat that comes from within an organisation, whether from an employee, former employee, contractor or otherwise. Insider threats can be non-malicious, such as a mistake by an employee (like a cloud misconfiguration) that leads to personal data being exposed. Or, as in this incident, they can be malicious, where an employee purposefully gives access (or is persuaded to give access) to internal systems or records.
According to Verizon’s 2020 Data Breach Investigations Report (DBIR), internal players were behind 30% of breaches (with the majority, or 70%, coming from external actors).
ADT, Cisco & Amazon
An insider threat can leave companies reeling not only from financial or brand damage but also from a subsequent loss of customer trust.
In a recent case in January, for instance, a former ADT employee was caught adding his personal email address to the accounts of attractive women, so he could have around-the-clock access to their most private moments.
In December, a former Cisco Systems employee was sentenced to 2 years in jail, after hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. In October, Amazon fired an employee who shared customers’ names and email addresses with a third party.
Brandon Hoffman, Chief Information Security Officer at Netenrich, said this incident highlights the ongoing concern about insider threats.
“Employees are always a prime target for adversaries, whether it is targeting them to leverage their machine or identity or recruiting them actively on a closed source (dark web) forum,” said Hoffman.
“There have been several cases where we have seen a disgruntled employee posting messages on the dark web aiming to make a contact where they can ‘cash out’ their leverage as an employee. Considering this happened in Russia, a known hotspot (or even the primary hub) of cyber-crime, the fact that it was an intentional insider is not all that surprising.”