https://www.zdnet.com/article/yandex-said-it-caught-an-employee-selling-access-to-users-inboxes/ * Edition: + Asia + Australia + Europe + India + United Kingdom + United States + ZDNet around the globe: + ZDNet France + ZDNet Germany + ZDNet Korea + ZDNet Japan Search What are you looking for? [ ] Go * Videos * Windows 10 * 5G * Best VPNs * Cloud * Security * AI * more + TR Premium + Working from Home + Innovation + Best Web Hosting + ZDNet Recommends + Tonya Hall Show + Executive Guides + ZDNet Academy + See All Topics + White Papers + Downloads + Reviews + Galleries + Videos + TechRepublic Forums * Newsletters * All Writers * + Preferences + Community + Newsletters + Log Out * * + What are you looking for? [ ] Go * Menu + Videos + Windows 10 + 5G + Best VPNs + Cloud + Security + AI + TR Premium + Working from Home + Innovation + Best Web Hosting + ZDNet Recommends + Tonya Hall Show + Executive Guides + ZDNet Academy + See All Topics + White Papers + Downloads + Reviews + Galleries + Videos + TechRepublic Forums * * + o Preferences o Community o Newsletters o Log Out * us + Asia + Australia + Europe + India + United Kingdom + United States + ZDNet around the globe: + ZDNet France + ZDNet Germany + ZDNet Korea + ZDNet Japan Yandex said it caught an employee selling access to users' inboxes The Russian company said the employee sold access to 4,887 user email accounts. * * * * * * * Catalin Cimpanu By Catalin Cimpanu for Zero Day | February 12, 2021 -- 13:55 GMT (05:55 PST) | Topic: Security yandex.jpg Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gains. The company, which did not disclose the employee's name, said the person was "one of three system administrators with the necessary access rights to provide technical support" for its Yandex.Mail service. The Russian company said it's now in the process of notifying the owners of the 4,887 mailboxes that were compromised and to which the employee sold access to third-parties. Yandex officials also said they re-secured the compromised accounts and blocked what appeared to be unauthorized logins. They are now asking impacted account owners to change their passwords. Incident discovered during a routine check Yandex said it discovered the incident during a "routine screening" by its internal security team but did not elaborate. The Russian company said that a "thorough internal investigation" of the incident is currently underway and that it plans to make changes to how its administrator staff can access user data. It also said that there was no evidence to suggest that user payment data was accessed during the recent incident. While the Russian tech giant said it referred the incident to authorities, a spokesperson did not return a request for comment from ZDNet seeking additional details about the employee and the incident. The biggest hacks, data breaches of 2020... SEE FULL GALLERY [][1] [][2] [][3] [][4] [][5] [wAAACH5BAE] [wAAACH5BAE] [wAAACH5BAE] [wAAACH5BAE] 1 - 5 of 9 NEXT PREV Security * Every Google Chrome user should click this button now * Cyber security 101: Protect your privacy from hackers, spies, and the government * The best antivirus software and apps * The best VPNs for business and home use * The best security keys for two-factor authentication * DDoS attacks and ransomware: How to protect yourself against them (ZDNet YouTube) Related Topics: Tech Industry Security TV Data Management CXO Data Centers * * * * * * * Catalin Cimpanu By Catalin Cimpanu for Zero Day | February 12, 2021 -- 13:55 GMT (05:55 PST) | Topic: Security Show Comments LOG IN TO COMMENT * My Profile * Log Out | Community Guidelines Join Discussion Add Your Comment Add Your Comment More from Catalin Cimpanu * [][phishing-safe-browsing] Security Apple will proxy Safe Browsing traffic on iOS 14.5 to hide user IPs from Google * [][msft-web-shells-2021] Security Microsoft said the number of web shells has doubled since last year * [][accellion] Security Accellion to retire product at the heart of recent hacks * [][avaddon-ransomware] Security Free decrypter released for Avaddon ransomware victims... aaand, it's gone! Please review our terms of service to complete your newsletter subscription. [ ] By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy. You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time. [ ] You agree to receive updates, alerts, and promotions from the CBS family of companies - including ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe at any time. By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy. Continue Newsletters See All See All Related Stories * 1 of 3 * * [][gold-coins-everywhere] Scallops, vaccines and Tesla: The wild world of blockchain and cryptocurrency Tesla's Elon Musk and Twitter's Jack Dorsey have everyone's interest piqued in cryptocurrency and blockchain. However, these two technologies are still not well understood. What ... * [][phishing-safe-browsing] Apple will proxy Safe Browsing traffic on iOS 14.5 to hide user IPs from Google iOS 14.5 is currently in beta. * [][istock-1235544073] Dating apps: Data shows an increase in Saturday installs, but bots cause problems Dating apps -- and meeting people online -- has gone from a social taboo to the most normal thing in the world. But bots can infest apps, frustrating users and leaving them open to cybercrime. ... * [][istock-1179846145] These dating apps are tracking your location While dating apps are a simple click away on the app stores, as soon as you download them, they become a treasure trove of personal information that can be used against you. ... * [][msft-web-shells-2021] Microsoft said the number of web shells has doubled since last year Microsoft says it's seeing around 140,000 web shells a month, up from roughly 77,000 last August. * [][facebook-website] OAIC cautions giving big tech access to information under the Consumer Data Right Commissioner Angelene Falk has raised concerns over giving a digital platform access to all data once accredited as a data recipient under the Consumer Data Right. ... * [][sec] Brazilian authorities start probe as 102 million consumers are exposed in new leak The National Data Protection Authority is investigating the country's second largest data protection incident of 2021 * [][cloudflare] Cloudflare Q4 revenue and profit top expectations, outlook higher as well, shares drop Cloudflare's dollar-based net retention rate was boosted three points by sales to large enterprise customers. * [][accellion] Accellion to retire product at the heart of recent hacks The Accellion FTA file transfer service has been at the heart of recent hacks at banks, telcos, and government organizations across the world. ZDNet Connect with us (c) 2021 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use * Topics * Galleries * Videos * Sponsored Narratives * Do Not Sell My Information * About ZDNet * Meet The Team * All Authors * RSS Feeds * Site Map * Reprint Policy * Manage | Log Out * Join | Log In * Membership * Newsletters * Site Assistance * ZDNet Academy * TechRepublic Forums