Yandex Source Code Leaked, Racial Slurs Found In Document
A former Yandex employee allegedly leaked source code containing 1,922 ranking factors used by the Russian search engine in query results.
The code was allegedly stolen by a former employee of the Russian technology company and leaked as a Torrent on a popular hacking forum.
Last week, the leaker posted a link that they claim are ‘Yandex git sources’ consisting of 44.7 GB of files stolen from the company in July 2022. These code repositories are said to contain all of the company’s source code apart from anti-spam rules.
Yandex called the incident a “leak.”
“Yandex was not hacked,” the company said in a statement. “Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services.”
Arseniy Shestakov, co-founder and CTO at Hack The Publisher, analyzed the leaked Yandex Git repository and said it contains technical data and code.
In the post, he explains that the leak does not contain Git history, mostly just code. No pre-built binaries for most of software with only few exceptions. There are no pre-trained machine learning models with some exceptions.
Source code from the following was revealed:
- Search Engine and Indexing Bot
- Maps – similar to Google Maps and Street View
- Alice – AI assistant like Siri / Alexa
- Taxi – Uber-like taxi service
- Direct – Ads service like Google Ads / Adwords
- Mail – Mail service like GMail
- Disk – File storage service like Google drive
- Market – Marketplace like Amazon
- Travel – Like a Booking.com plus Airplane, Train and Bus tickets
- Yandex360 – Like Google Workspaces for services on your own domain
- Cloud – Probably not all infrastructure code was leaked
- Pay – Payment processing like Stripe, but with limited set of features
- Metrika – Like Google Analytics
But the turmoil did not stop there. Yandex also apologized Friday for racial slurs uncovered in the company’s source code. The apology came in response to the discovery of multiple references to the N-word in the company’s code base after it leaked online.
A researcher who goes by the name “Wacky Fruit” posted screenshots Thursday on Twitter showing the use of the word in multiple places.
“So they literally use “n***ers” instead of “workers” in their configs. …”
“We deeply regret that this word ever appeared in our internal codes,” the Yandex press office told CyberScoop in an email Friday.
The news comes about a month after Arkady Volozh, co-founder of Yandex, stepped down. He sent an internal message to staff in December 2022, ahead of a corporate restructuring that could see ownership of many of the firm’s core services change hands.
(30)