Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Coje_He for the clue delivery! CTOnews.com, January 28 (Xinhua)-- according to BleepingComputer, the Yandex source code base stolen by a former employee of a Russian technology company has been leaked in the form of Torrent on a popular hacker forum.

Yesterday, the whistleblower posted a magnetic link they claimed to be "Yandex git sources", including 44.7GB files stolen from the company in July 2022. These code bases are said to contain all the company's source code except for anti-spam rules.

Arseniy Shestakov, a software engineer, analyzed the leaked Yandex Git repository and said it contained technical data and code about the following products:

Yandex search engine and indexing robot

Yandex map

Alice (AI Assistant)

Yandex taxi

Yandex Direct (advertising service)

Yandex Mail

Yandex Disk (Cloud Storage Service)

Yandex market

Yandex Travel (Travel booking platform)

Yandex360 (Workspace Services)

Yandex cloud

Yandex Pay (payment processing Service)

Yandex Metrika (Internet Analytics)

CTOnews.com learned that in a statement to BleepingComputer, Yandex said their system was not hacked and a former employee leaked the source code repository: "Yandex is not hacked. Our security service found code snippets of the internal repository in the public domain, but the content is different from the current version of the repository used in the Yandex service." A repository is a tool for storing and processing code, and most companies use code internally in this way.

Yandex added: "the repository needs to be used to process code, not to store individual user data. We are conducting an internal investigation into the cause of the leak, but we do not see any threat to user data or platform performance."

It is reported that the leak does not contain any customer data, so it does not pose a direct risk to the privacy or security of Yandex users, nor does it directly threaten the disclosure of patented technology.

The leaked repository contains only code, and another important part is data, while key parts, such as the model weights of neural networks, are not leaked, so it is almost useless. However, the leaked code creates the possibility for hackers to identify security vulnerabilities and create targeted vulnerabilities.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.