Some days ago information about the leak of almost 45 GB was released from Russian tech giant source code files "Yandex", allegedly stolen by a former employee and which have revealed the basics of the search engine's many applications and services that are rarely disclosed to the public.
The "git sources of Yandex" was released as a torrent file on January 25 and shows files apparently taken in July 2022 and dating back to February 2022. Software engineer Arseniy Shestakov says he checked with current Yandex employees that some files "certainly contain code from the company's services."
Russian technology company Yandex apologized after racial slurs were found in this code source leaked, saying there was no data breach. Several references to racial slurs, including the "N-word," were found in the company's source code last week.
Software engineer Arseniy Shestakov analyzed the leaked Yandex Git repository and said that it contains technical data and code for the following products:
- Yandex search engine and indexing bot
- Yandex Maps
- Alice (AI assistant)
- Yandex Taxi
- Yandex Direct (ad service)
- Yandex mail
- Yandex Disk (cloud storage service)
- Yandex market
- Yandex Travel (travel booking platform)
- Yandex360 (workspace service)
- Yandex Pay (payment processing service)
- Yandex Metrika (web analytics).
Shestakov also shared a directory listing of the leaked files on GitHub for those who want to see what source code was stolen.
"There are at least a few API keys, but they are probably only used to test the implementation," Shestakov said of the leaked data.
It's a statement, Yandex said that its systems were not hacked and that a former employee leaked the repository from the source code:
Yandex was not hacked. Our security service found code snippets from an internal public domain repository, but the content differs from the current version of the repository used in Yandex services.
A repository is a tool for storing and working with code. The code is used in this way internally by most companies.
Repositories are necessary for working with code and are not intended to store personal user data. We are conducting an internal investigation into the reasons for the public release of source code snippets, but we do not see any threat to user data or platform performance.
Records date notably to February 2022, when Russia launched a full-scale invasion of Ukraine. A former Yandex executive called the leak "political," noting that the former employee had not tried to sell the code to Yandex's competitors. The antispam code was also not disclosed.
While it is not clear if the disclosure of the Yandex source code has structural or security implications, The leak of 1.922 ranking factors in the Yandex search algorithm is certainly causing a sensation.
Russian tech company Yandex has apologized after racial slurs were found in leaked source code. Several references to racial slurs were found in the company's source code. A researcher first revealed the use of offensive terminology in a series of posts on Twitter on January 26, drawing strong criticism.
In a statement, Yandex said that an initial investigation showed that the leaked code "appears to be different old snippets from the current version in the company's repository." The company added that the leaked code would "never have affected any of the company's services."
“We deeply regret that these words have appeared in our internal codes,” Yandex said. "This is unacceptable and a flagrant violation of our corporate ethics." "We are currently conducting an internal review to better understand how this happened, and we will take appropriate action, including to ensure this does not happen again."
Racial slurs were sprayed on the leaked Yandex. They have been used in function and variable names, printed messages, and other places in configuration files.
Developers often use specific terms or names to help other developers understand what function or action a certain line of code performs.
It is worth mentioning that this is not the first such problem faced by Yandex, since in 2015 he saw his search engine code disappear, when a former employee tried to sell it on the black market for $28.000 to finance his own startup. The surprisingly low number of the main code of the main Yandex product suggested that it was unaware of its real value. This employee received a two-year suspended sentence and the code was never seen publicly.
Finally If you are interested in knowing more about it, you can check the details In the following link.
Be the first to comment