Yandex security service discovered an internal information leak. According to the results of the investigation, it became known that one of the company's employees provided unauthorized access to users' mailboxes.
The attacker turned out to be one of three system administrators who had access rights to perform work tasks to provide technical support for the service. As a result of his actions, 4887 mailboxes were compromised.
“Unauthorized access to compromised mailboxes has already been blocked. Their owners have received a notification about the need to change the password for their account, "the press service of Yandex said.
An internal investigation is carried out on the detected incident and the work processes of employees with administrative rights of this level of access will be reviewed.