Yandex said it caught an employee selling access to users' inboxes

The Russian company said the employee sold access to 4,887 user email accounts.
Written by Catalin Cimpanu, Contributor

Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains.

The company, which did not disclose the employee's name, said the person was "one of three system administrators with the necessary access rights to provide technical support" for its Yandex.Mail service.

The Russian company said it's now in the process of notifying the owners of the 4,887 mailboxes that were compromised and to which the employee sold access to third-parties.

Yandex officials also said they re-secured the compromised accounts and blocked what appeared to be unauthorized logins. They are now asking impacted account owners to change their passwords.

Incident discovered during a routine check

Yandex said it discovered the incident during a "routine screening" by its internal security team but did not elaborate.

The Russian company said that a "thorough internal investigation" of the incident is currently underway and that it plans to make changes to how its administrator staff can access user data.

It also said that there was no evidence to suggest that user payment data was accessed during the recent incident.

A Yandex spokesperson told ZDNet the employee is no longer with the company and that they referred the incident to authorities.

The biggest hacks, data breaches of 2020 (so far)

Editorial standards