Yappy followed in the footsteps of Rutube Business RusLetter
“Pro-Ukrainian” hackers stole the data of users of the Yappy service controlled by Gazprom-Media, according to specialized Telegram channels; Kommersant’s sources confirm this. Tables with 2 million rows turned out to be publicly available; they contain full names, mobile phone numbers, registration dates and other data of the service’s users. Experts suggest that the attackers gained access to the data through the account of one of the service administrators.
Tonight, several Telegram channels that specialize in finding data leaks reported that the Russian vertical video service Yappy was attacked by “pro-Ukrainian hackers.”
In particular, the in2security channel reported a leak of four files with personal data of the social network’s users, totaling 2 million lines.
The files, the channel administrators write, contain data such as users’ mobile phone numbers and registration dates, information about the device from which they logged in, the type of connection, associated third-party service identifiers such as the VKontakte ID, and other information. The Data1eaks channel adds that the leaked database is current as of July 1. A Kommersant source in the information security market confirms the leak.
Gazprom-Media announced the launch of Yappy, a social network with vertical videos, in September 2021. It is aimed at Russian bloggers under 35 years of age and is based on the Yamolodets app purchased by the company in 2020. The service officially launched in November 2021. The popularity of the platform began to grow against the backdrop of the withdrawal of foreign social networks from the Russian market due to hostilities in Ukraine and blocking. In July, Gazprom-Media announced that in the first half of the year, the platform’s monthly audience exceeded 4 million users, and the volume of content more than tripled.
Yappy is not the first media asset of Gazprom-Media to fall victim to hackers. In May, Rutube was subjected to a large-scale attack. It remained unavailable for almost two days. As reported by the company, more than 75% of the databases and infrastructure of the main version of the site and 90% of backups and database recovery clusters were affected (see “Kommersant” of May 11). Gazprom-Media had not responded to Kommersant’s request by the time of publication.
The owner of the Eye of God Telegram bot, Yevgeny Antipov, believes that the attackers gained access to the corporate network through an administrator account.
“In other, third-party leaks, you can find the victim’s corporate email; as a rule, it is the login. There is also a password. If everything matches, then the attacker enters the system under the guise of an administrator and simply exports the data,” explains Mr. Antipov.
According to the new regulation in the field of personal data protection, in the event of a personal data leakage, the organization is obliged to report the incident to Roskomnadzor within 24 hours and submit a notification of the results of the internal response within 72 hours, notes Alexander Zhuravlev, managing partner of the EBR law firm: company, there was a leak that was made public by the media and discovered by Roskomnadzor before notification from the company, this can be perceived as a fact of hiding the incident.
Meanwhile, the Ministry of Digital Development is discussing the introduction of turnover fines for the leakage of personal data.
“Previously, it was proposed to introduce a fine of 1% of annual revenue and up to 3% if the company did not report the leak to Roskomnadzor in a timely manner. In the new version of the document, such a procedure of fines is provided only for companies whose actions led to the leakage of databases containing more than 100,000 records,” notes Mr. Zhuravlev.
Judging by how actively data leaks continue and how much their number has increased recently, the trend towards increased regulatory measures by the state will continue, therefore, the introduction of fines will not be long in coming, the expert believes. The fine, he adds, can be reduced to a fixed value if the company publicly admits that the data was stolen: appropriate level of information security.