"Yandex" spoke about the first results of the investigation of the source code leak

"Yandex" spoke about the first results of the investigation of the source code leak



Company "Yandex» is investigating the leakage of the source codes of some of its services, preliminary results indicate that their performance and user security have not been compromised, reported company press office.

“The initial analysis showed that the published fragments do not pose any threat to the security of our users or the performance of services. At the same time, we decided that the current situation is a reason to conduct a large-scale audit of the entire contents of the repository, ”they said.

As it turned out, there were several cases of serious violations of the company's own policies, for example, the code contained the contact details of some Yandex partners, and in Yandex Lavka it was possible to manually set up recommendations for any products without marking them as advertising. During the discussion of the situation, Yandex again faced technoethics issues, they added.

“To what extent does the solution used correspond to universal human morality and our own principles? How understandable is the solution for our users and partners? It became obvious that the company's management paid little attention to these issues,” the company noted.

The leak of the source codes of a part of Yandex services became known on January 26. The total amount of archives found on the network is almost 45 GB in compressed form. The source of the company then told Vedomosti that the codes differ from the current version of the repository, which is used in the services. According to another source, the actions of an employee could be the cause of the leak. Experts interviewed at the time noted that the leak could be more serious than Yandex is trying to imagine, and attackers can use the archives posted on the network to clone services and attacks.



Source link