Yandex
Company Details
Linkedin ID:
yandex
Website:
Employees number:
8,834
Number of followers:
205,884
NAICS:
513
Industry Type:
Homepage:
yandex.com
IP Addresses:
0
Company ID:
YAN_3144245
Scan Status:
In-progress
Yandex Company CyberSecurity Posture
yandex.com
Yandex is a technology company that builds intelligent products and services powered by machine learning. Our goal is to help consumers and businesses better navigate the online and offline world. Since 1997, we have delivered world-class, locally relevant search and information services. Additionally, we have developed market-leading on-demand transportation services, navigation products, and other mobile applications for millions of consumers across the globe. Yandex, which has 34 offices worldwide, has been listed on the NASDAQ since 2011.
Yandex A.I CyberSecurity Scoring
Yandex Risk Score (AI oriented)Between 650 and 699
Yandex
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Yandex Global Score (TPRM)XXXX
Yandex
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Yandex Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Yandex
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: A Yandex source code repository purportedly stolen by a former worker of the Russian IT giant was exposed on a well-known forum for cybercrime. There are no personal details because this breach just includes the contents of git repositories. There are at least a few API keys, but they are probably mainly used for deployment testing. The business said that it is looking into the data leak, but made clear that user data was safe and platform performance was unaffected. Threat actors may be able to examine the git source code because it is available to the public and uncover flaws that they can use to attack Yandex services.
Yandex
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Yandex, a prominent Russian technology corporation, experienced a significant security breach involving a novel Android spyware named LianSpy. The malware targeted Russian users, covertly capturing screencasts, exfiltrating files, and harvesting sensitive user data such as call logs and app lists. LianSpy employed Yandex Cloud services to facilitate command and control communications, complicating efforts to detect and attribute the malware activity. The breach demonstrates the increasing sophistication of cyber threats, as well as the challenges organizations face in protecting user data against clandestine and advanced cyberespionage tactics.
Yandex
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum. The threat actor behind the post claimed to have obtained 44.7 GB of files in July 2022, all the files are dated back to 24 February 2022 (the date of the Russian invasion of Ukraine). The leaked repository contained the source code for all major services of Yandex, including: Search Engine and Indexing Bot, Maps – Like Google Maps and Street View, Alice – AI assistant like Siri / Alexa, Taxi – Uber-like taxi service, Direct – Ads service like Google Ads / Adwords, Mail – Mail service like GMail, Disk – File storage service like Google drive, Market – Marketplace like Amazon, Travel – Like a Booking.com plus Airplane, Train and Bus tickets, Yandex360 – Like Google Workspaces for services on your own domain, Cloud – Probably not all infrastructure code was leaked., Pay – Payment processing like Stripe, but with a limited set of features, Metrika – Like Google Analytics. The company started investigating the data leak, however, pointed out that user data were not compromised and platform performance was not impacted.
Yandex Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Yandex
Incidents vs Technology, Information and Internet Industry Average (This Year)
No incidents recorded for Yandex in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Yandex in 2025.
Incident Types Yandex vs Technology, Information and Internet Industry Avg (This Year)
No incidents recorded for Yandex in 2025.
Incident History — Yandex (X = Date, Y = Severity)
Yandex cyber incidents detection timeline including parent company and subsidiaries
Yandex Company Subsidiaries
Yandex is a technology company that builds intelligent products and services powered by machine learning. Our goal is to help consumers and businesses better navigate the online and offline world. Since 1997, we have delivered world-class, locally relevant search and information services. Additionally, we have developed market-leading on-demand transportation services, navigation products, and other mobile applications for millions of consumers across the globe. Yandex, which has 34 offices worldwide, has been listed on the NASDAQ since 2011.
Loading...
Yandex Similar Companies
Cimpress plc (Nasdaq: CMPR) invests in and builds customer-focused, entrepreneurial, mass-customization businesses for the long term. Mass customization is a competitive strategy which seeks to produce goods and services to meet individual customer needs with near mass production efficiency. Cimpr
Thirteen-time Webby award-winning Freelancer is the world’s largest freelancing and crowdsourcing marketplace by total number of users and projects posted. More than 80 million registered users have posted over 25 million projects and contests to date in over 3,000 areas as diverse as website develo
More people find jobs on Indeed than anywhere else. Indeed is the #1 job site in the world (Comscore, Total Visits, March 2024) and allows job seekers to search millions of jobs in more than 60 countries and 28 languages. Indeed has more than 580 million Job Seeker Profiles. Every day, job seekers u
Times Internet
At Times Internet, we create premium digital products that simplify and enhance the lives of millions. As India’s largest digital products company, we have a significant presence across a wide range of categories, including News, Sports, Fintech, and Enterprise solutions. Our portfolio features mar
Avnet
Avnet is a global electronic components distributor with extensive design, product, marketing and supply chain expertise for customers and suppliers at every stage of the product lifecycle. For the past 100 years, Avnet has helped its customers and suppliers around the world realize the transformati
YouTube
YouTube is a team-oriented, creative workplace where every single employee has a voice in the choices we make and the features we implement. We work together in small teams to design, develop, and roll out key features and products in very short time frames. Which means something you write today cou
Myntra
At Myntra, we don’t just follow fashion - we define it. As India's leading fashion, lifestyle, and beauty destination, we bring together the best of style, technology, and innovation to create a seamless shopping experience for our customers. With a commitment to empowering self-expression, we cura
Independiente / Freelance
La etimología de la palabra deriva del término medieval inglés usado para un mercenario (free-independiente o lance-lanza), es decir, un caballero que no servía a ningún señor en concreto y cuyos servicios podían ser alquilados por cualquiera. El término fue acuñado inicialmente por Sir Walter Scot
SLB
We are a technology company that unlocks access to energy for the benefit of all. As innovators, that’s been our mission for nearly a century. Today, we face a global imperative to create a future with more energy, but less carbon. Our diverse, innovative change makers are focused on going further i
.png)
Yandex CyberSecurity News
November 22, 2025 03:19 PM
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian...
November 14, 2025 08:00 AM
Kazakh official reviews cybersecurity cooperation in Azerbaijan
The delegation led by the minister also visited the Electronic Security Service, where discussions focused on potential areas of cooperation...
November 07, 2025 09:08 AM
Chinese cybersecurity firm among winners at World Internet Conference awards
The chairman of Chinese cybersecurity firm DAS-Security has expressed the company's delight at winning the Distinguished Contribution Award...
October 11, 2025 07:00 AM
Azerbaijan Cybersecurity Organizations and Femmes Digitales sign MoU
The Association of Cybersecurity Organizations of Azerbaijan (AKTA) and the Femmes Digitales – Supporting Women in Tech Public Uni...
October 09, 2025 07:00 AM
Azerbaijan and Georgia strengthen cybersecurity cooperation
The meeting, attended by Lieutenant Colonel Elshan Hasanov, chief of the Cybersecurity Service at the Azerbaijani Ministry of Defense,...
August 27, 2025 07:00 AM
Report: Russia-based Yandex employee oversees open-source software approved for DOD use
The package is listed inside Platform One's Iron Bank, a vetted Defense Department software repository, people familiar say.
July 22, 2025 07:00 AM
Yandex starts cybersecurity JV with SolidSoft
Russian internet company Yandex said that its unit Yandex B2B Tech has agreed to set up a joint venture in cooperation with the company...
June 18, 2025 07:00 AM
What risks does AI pose? Opinions from a cybersecurity expert and a psychologist
Artificial intelligence (AI) is rapidly transforming the world, entering everyday life, industry, and even the military sphere.
June 09, 2025 07:00 AM
Meta’s New Method to Secretly Track Android Users
Researchers have revealed a sophisticated tracking method employed by Meta (Facebook) and Yandex that allowed these companies to covertly link users' web...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Yandex CyberSecurity History Information
Official Website of Yandex
The official website of Yandex is http://company.yandex.com.
Yandex’s AI-Generated Cybersecurity Score
According to Rankiteo, Yandex’s AI-generated cybersecurity score is 693, reflecting their Weak security posture.
How many security badges does Yandex’ have ?
According to Rankiteo, Yandex currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Yandex have SOC 2 Type 1 certification ?
According to Rankiteo, Yandex is not certified under SOC 2 Type 1.
Does Yandex have SOC 2 Type 2 certification ?
According to Rankiteo, Yandex does not hold a SOC 2 Type 2 certification.
Does Yandex comply with GDPR ?
According to Rankiteo, Yandex is not listed as GDPR compliant.
Does Yandex have PCI DSS certification ?
According to Rankiteo, Yandex does not currently maintain PCI DSS compliance.
Does Yandex comply with HIPAA ?
According to Rankiteo, Yandex is not compliant with HIPAA regulations.
Does Yandex have ISO 27001 certification ?
According to Rankiteo,Yandex is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Yandex
Yandex operates primarily in the Technology, Information and Internet industry.
Number of Employees at Yandex
Yandex employs approximately 8,834 people worldwide.
Subsidiaries Owned by Yandex
Yandex presently has no subsidiaries across any sectors.
Yandex’s LinkedIn Followers
Yandex’s official LinkedIn profile has approximately 205,884 followers.
NAICS Classification of Yandex
Yandex is classified under the NAICS code 513, which corresponds to Others.
Yandex’s Presence on Crunchbase
Yes, Yandex has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/yandex.
Yandex’s Presence on LinkedIn
Yes, Yandex maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/yandex.
Cybersecurity Incidents Involving Yandex
As of December 15, 2025, Rankiteo reports that Yandex has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Yandex has an estimated 13,158 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Yandex ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Data Leak.
Incident Details
Can you provide details on each incident ?
Title: Yandex Source Code Repository Leak
Description: A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum. The threat actor behind the post claimed to have obtained 44.7 GB of files in July 2022, all the files are dated back to 24 February 2022 (the date of the Russian invasion of Ukraine). The leaked repository contained the source code for all major services of Yandex, including: Search Engine and Indexing Bot, Maps – Like Google Maps and Street View, Alice – AI assistant like Siri / Alexa, Taxi – Uber-like taxi service, Direct – Ads service like Google Ads / Adwords, Mail – Mail service like GMail, Disk – File storage service like Google drive, Market – Marketplace like Amazon, Travel – Like a Booking.com plus Airplane, Train and Bus tickets, Yandex360 – Like Google Workspaces for services on your own domain, Cloud – Probably not all infrastructure code was leaked., Pay – Payment processing like Stripe, but with a limited set of features, Metrika – Like Google Analytics. The company started investigating the data leak, however, pointed out that user data were not compromised and platform performance was not impacted.
Type: Data Leak
Attack Vector: Insider Threat
Threat Actor: Former Employee
Title: Yandex Source Code Repository Breach
Description: A Yandex source code repository purportedly stolen by a former worker of the Russian IT giant was exposed on a well-known forum for cybercrime. The breach includes the contents of git repositories with some API keys, but user data was unaffected.
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Unauthorized access to source code repository
Threat Actor: Former employee
Motivation: Unknown
Title: Yandex Security Breach by LianSpy Spyware
Description: Yandex, a prominent Russian technology corporation, experienced a significant security breach involving a novel Android spyware named LianSpy. The malware targeted Russian users, covertly capturing screencasts, exfiltrating files, and harvesting sensitive user data such as call logs and app lists. LianSpy employed Yandex Cloud services to facilitate command and control communications, complicating efforts to detect and attribute the malware activity. The breach demonstrates the increasing sophistication of cyber threats, as well as the challenges organizations face in protecting user data against clandestine and advanced cyberespionage tactics.
Type: Malware
Attack Vector: Android Spyware
Motivation: Cyberespionage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak YAN21827123
Data Compromised: Source code
Systems Affected: All major services of Yandex
Incident : Data Breach YAN224381023
Data Compromised: Source code, Api keys
Systems Affected: Git repositories
Incident : Malware YAN000081124
Data Compromised: Screencasts, Files, Call logs, App lists
Systems Affected: Yandex Cloud services
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Source Code, Source Code, Api Keys, , Screencasts, Files, Call Logs, App Lists and .
Which entities were affected by each incident ?
Incident : Data Breach YAN224381023
Entity Name: Yandex
Entity Type: Company
Industry: IT
Location: Russia
Incident : Malware YAN000081124
Entity Name: Yandex
Entity Type: Technology Corporation
Industry: Technology
Location: Russia
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak YAN21827123
Type of Data Compromised: Source Code
Incident : Data Breach YAN224381023
Type of Data Compromised: Source code, Api keys
File Types Exposed: Source code files
Incident : Malware YAN000081124
Type of Data Compromised: Screencasts, Files, Call logs, App lists
References
Where can I find more information about each incident ?
Incident : Data Leak YAN21827123
Source: BleepingComputer
Incident : Data Breach YAN224381023
Source: Cyber Incident Description
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: BleepingComputerUrl: https://www.bleepingcomputer.com/news/security/yandex-source-code-repository-leaked-by-former-employee/, and Source: Cyber Incident Description.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Leak YAN21827123
Investigation Status: Ongoing
Incident : Data Breach YAN224381023
Investigation Status: Investigation ongoing
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Former Employee and Former employee.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Source Code, , Source code, API keys, , screencasts, files, call logs, app lists and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was All major services of Yandex and Git repositories and Yandex Cloud services.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were app lists, call logs, screencasts, Source Code, Source code, API keys and files.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Cyber Incident Description and BleepingComputer.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.bleepingcomputer.com/news/security/yandex-source-code-repository-leaked-by-former-employee/ .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
.png)
Latest Global CVEs (Not Company-Specific)
Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=yandex' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
