At first glance, the leaked data is outdated, and its publication does not pose a threat to user security or the functionality of Yandex services. "The published fragments were indeed taken from our internal repository - a tool that the company's developers use to work with code. At the same time, the contents of the archive correspond to an outdated version of the repository - it differs from the current version used by our services. Initial analysis showed that the published fragments do not pose any threat to user security or the functionality of the services," the official press release says.
However, an audit of the code that became publicly known revealed a whole range of violations of various policies, regulations and ethical standards. "We are very ashamed now, and we apologize to users and partners. We consider it necessary to explain why this happened and what we intend to do about it." With these words begins the section in which the results of this audit are presented.
For example, the code contained personal data, in particular that of taxi drivers. Errors in the recommendation system were corrected not with the help of algorithms, but by using a "temporary solution, implemented suboptimally and in a hurry", in other words, so-called crutches. Also, "some parts of the code contained words that did not affect the operation of the services in any way, but were offensive in themselves to people of different races and nationalities." Loopholes were found to avoid marking reviews in Yandex.Lavka as advertising.
Vladimir Ulyanov, head of the analytical center of the Zecurion company, believes the scale of this incident is significant: "Many of the company's projects are affected. As for the 'skeletons', they are already emerging, some of them are highlighted in official reports. In terms of consequences, from the point of view of information security, studying the source codes can help both security researchers and attackers find some vulnerabilities or clues."
Marketing and Communications Director of Raketa LLC, Daria Zubritskaya, points out that the consequences of this incident will be felt for a long time: "And we are not talking about direct financial damage, but about reputational losses, since this leak revealed significant features of the services' operation. Yandex is already stating that several cases of serious violations of their policies and corporate ethics rules have been found in the code. It is quite possible that independent auditors will find even more serious violations of ethical and other standards."