The Russian company said the employee sold access to 4,887 user email accounts.
https://www.zdnet.com/article/yandex-said-it-caught-an-employee-selling-access-to-users-inboxes/
Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains.
The company, which did not disclose the employee's name, said the person was "one of three system administrators with the necessary access rights to provide technical support" for its Yandex.Mail service.
The Russian company said it's now in the process of notifying the owners of the 4,887 mailboxes that were compromised and to which the employee sold access to third-parties.
[...] While the Russian tech giant said it referred the incident to authorities, a spokesperson did not return a request for comment from ZDNet seeking additional details about the employee and the incident.
(Score: 0) by Anonymous Coward on Monday February 15 2021, @04:10AM
At least (some of) the Russians fighting for "it", willing to shed blood, sweat, and tears.
Look at the CCP Chinese, brain-washed zombies.
(Score: 2) by jasassin on Monday February 15 2021, @04:18AM (2 children)
Does this mean email is more secure on gmail?
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by FatPhil on Monday February 15 2021, @10:19AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Socrastotle on Monday February 15 2021, @02:25PM
Was? Nearly all, if not all, of the programs Snowden revealed are not only operational, but have likely been greatly expanded given indirect evidence like the Utah Data Center [wikipedia.org].
To me a few thousand indicates that he probably just got busted pretty quickly. Like the article says the activity was picked up on during a normal internal security audit. If state actors, on either side of the pond, want access to people's private shit - they have more elegant ways of accessing it than paying off some bumbling fool to grab it on obviously logged access.
(Score: 0) by Anonymous Coward on Monday February 15 2021, @04:50AM (2 children)
Out of ALL the free e-mail services I've used throughout the years, it was my Yandex e-mail account which had other people logging in, they didn't even care to clear the logs (if they could), they just kept logging in/out. Whether or not they were the same individual or not, I don't know. I closed the account and haven't tried anything Yandex since.
(Score: 0) by Anonymous Coward on Monday February 15 2021, @03:52PM (1 child)
The default Unix security model doesn't help defending against root acting maliciously.
I heard that Google had added additional restrictions and monitoring (too many important people using their stuff), but mainframe OS have also had beefier access control for ages.
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @04:56AM
RACF or ACF2, choose your poison. It's a very different world and yet strangely familiar, although I think Mainframes are more secure because you don't have random crapware running on them more so than because of some bolt on access control solution. But...want does all this have to do with google exactly? I would not have thought there were any IBM mainframes churning away in the depths of google land.
(Score: 1) by WeekendMonkey on Monday February 15 2021, @08:03AM (1 child)
Is the problem here that the individual was profiting from the sale?
(Score: 0) by Anonymous Coward on Monday February 15 2021, @02:46PM
Maybe he donated it to charity.
(Score: 0) by Anonymous Coward on Monday February 15 2021, @11:13AM (3 children)
it's a common occurrence.
There are tons of these systems, the work is... boring, long periods of nothing or a call every 3 minutes, no benefits, no respect, no way up or sideways, just bullshit.
The acquiring bank i work in at now, had a similar high profile case - a dude in this certain department that had access to fullPAN (un-censored transaction data with full cc number), who tracked local celeb's CC payments and sold position data to tabloids... he got famous and somewhat imprisoned.
Bribing/threatening/"motivating" an operator is a MO that is used by everyone, and is old as time.
Its a good, working tactic, when the database is set up properly, exploits for its version are too expensive for your budget, they building is a fortress and they aren't hiring new people :D
As for morality, legality and other bullshit - when the local spooks and military clowns come, they take the data and that is that.
And when they don't care, why should anyone?
To sum it up, assume that any public system containing any form of data on you can be accessed by anyone motivated and data is already exfiltrated.
(Score: 0) by Anonymous Coward on Monday February 15 2021, @11:26AM
and by "public" i meant "non-classified"
(Score: 0) by Anonymous Coward on Monday February 15 2021, @12:51PM (1 child)
Coincidence?
I sometimes wonder if the fortune cookie is really random, the current one is:
It is not enough to have great qualities, we should also have the management of them. -- La Rochefoucauld
(Score: 2) by hendrikboom on Monday February 15 2021, @07:14PM
Indeed. Attention deficit is a bitch.