The Russian tech giant was quick to assure everyone that they had not been hacked.
This week Ars Technica reported that 44.7GB of source code files leaked source code have revealed the underpinnings of Russian tech giant Yandex’s many apps and services. The files had been stolen by a former employee, according to the company.
In a statement to BleepingComputer, Yandex said their systems were not hacked, and a former employee leaked the source code repository.
“Our security service found code fragments from an internal repository in the public domain”, the company declared in their statement. They also confirmed that the content differs from the current version of the repository used in Yandex services.
“Repositories are needed to work with code and are not intended for the storage of personal user data”, Yandex explained. “We are conducting an internal investigation into the reasons for the release of source code fragments to the public, but we do not see any threat to user data or platform performance”.
The “Yandex git sources” were posted as a torrent file on January 25 and show files seemingly taken in July 2022. The files, however, date to February 2022, when Russia launched its invasion of Ukraine. A former executive at Yandex told BleepingComputer that the leak was “political” and noted that the former employee had not tried to sell the code to Yandex competitors. Anti-spam code was also not leaked.
Revealed: the inner workings of SEO rankings
The Ars Technica article focuses on the fact that the leak reveals how Yandex, which operates the fourth largest search engine in the world, ranks webpages. While it’s not clear whether there are security or structural implications of Yandex’s source code revelation, the leak revealed 1,922 ranking factors in Yandex’s search algorithm, according to the report.
Yandex purportedly employs several ex-Google employees, Ars Technica says. The search engine tracks many of Google’s ranking factors, identifiable in its code, and competes heavily with Google.