Russian search engine Yandex offers a slew of online services to replace Google, Netflix, Spotify, Amazon, and Uber. However, a recent Yandex data leak contains nearly 50 gigabytes of data with leaked files, including information ranging from API (application programming interface) keys to search engine behaviors. Information released by the leaker as “Yandex git sources” contains source code for most of Yandex’s online services.
What Was Leaked
Most data leaks involve hackers trying to collect user information like emails, phone numbers, and credit card information. The Yandex data leak doesn’t include user data or personally identifiable information but offers a wealth of information that reveals how the search engine works and source codes for Yandex’s major services, except for their anti-spam rules.
Most of the leaked information included back-end coding related to Yandex’s search engine and online services. Some API keys also leaked, though these appear as test keys and not permanent, usable ones.
Search Engine Ranking Factors
Part of the leak reveals Yandex’s ranking factors for search results, a feature that controls which search results appear when you type in a search query. The leak shows that Yandex’s ranking factors include the following:
Yandex uses 1,922 ranking factors. The leak allows SEO (search engine optimization) specialists and marketing professionals to find details on how search engines rank their search results.
Yandex Service Source Code
The Yandex data leak also exposed the source code for most of its major services. These services mirror many that exist in the United States. Source code for the following services was leaked, which are similar to several Google services:
Mail (similar to Gmail)
Disk (Google Drive)
Maps (Google Maps)
Metrika (Google Analytics)
Yandex360 (Google Workspaces)
Source code for Yandex services similar to other American tech giants were leaked, including:
Taxi (similar to Uber)
Alice (Siri or Alexa)
Yandex Denies Being Hacked
Yandex blames a former employee for the leak, denying a hack. The company stated that the information released does not reflect the inner workings of Yandex’s current search engine system. In their own words, “Our security service found code fragments from an internal repository in the public domain, but the content differs from the current version of the repository used in Yandex services.”
While Yandex searches for the source of the leak, they state that users shouldn’t expect any platform downtime and that none of the leaked data included user information.
Yandex doesn’t yet know who caused the breach, but the timing seems suspicious. The leaker appears to have pulled information from February 24, 2022, the same day Russia invaded Ukraine. Many believe that though the leaker released the information on January 25, 2023, the date the code came from may indicate a politically motivated leak.
Whatever the reason, the Yandex data leak reveals important information regarding a top-tier web service’s ability to scan and index online code and data about its online services.