Russia’s Internet and search giant Yandex on Friday said that it caught one of its employees providing unauthorized access of users’ mailboxes to third parties for personal gains.
While the company did not disclose the employee’s name, it said that the person was “one of three system administrators with the necessary access rights to provide technical support” for its Yandex.Mail service.
The data breach was discovered by Yandex’s security team during routine screening, and a “thorough internal investigation” of the incident is currently underway. According to Yandex, payment details have not been compromised.
“An internal investigation revealed that an employee had been providing unauthorized access to users’ mailboxes for personal gain. The employee was one of three system administrators with the necessary access rights to provide technical support for the service. As a result of his actions, 4,887 mailboxes were compromised. No payment details held by Yandex were compromised,” the company said in a press release on Friday.
Yandex’s security team has already blocked unauthorized access to the compromised mailboxes.
The Russian company has also contacted the affected owners of the 4,887 mailboxes and alerted them about the data breach. They have informed the affected owners of the need to change their account passwords.
Yandex will be making changes to administrative access procedures to help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement to inform about the incident.