Yandex Dismissed an Employee who sells User’s Data Online!

Yandex Dismissed an Employee who sells User’s Data Online!

On Friday, Yandex the Russian search engine and email service provider discovered a data breach that compromised more than 4800 + email accounts of users. The organization fired the unnamed employee who is responsible for this data leak.

The Yandex spokesperson said that the employee was one of the system administrators and having all the necessary permissions to assist the technical support for the service. Whereas this data breach was founded during the regular audit by the company security team and there is no sign that the user payment credentials had been compromised during this attack and the organization also sent notification to affected users while updating their passwords.

The spokesperson also said that it is not identified when this data leak was initiated, a legal investigation is under process and we will be updating our administrative policies accordingly. We are also informed to law enforcement agencies and we will be taking all the steps that will reduce the effect of these attacks.

How the Insider Threats Continue Causing Data Leak?

Insider Threats Continue Causing Data Leak?

Last month, a 35-year-old former ADT technician, Telesforo Aviles was guilty of cyber fraud and invasive visual recording and repeatedly breaking the camera and view the customer’s kinds of stuff, organization fires the employee after the investigation in April 2020.

After that in December, Cisco fired, Sudhish Kasaba Ramesh a 31-year-old talented engineer was arrested and stay in prison for 24 months. The employee is responsible for deleting 16000+ Webbex accounts without permission that cost them $2.4 million and $1,400,000 employee cost and $1,000,000 customer refunds.

Whereas in October 2020, Amazon dismissed an employee who is responsible for sharing the personal customer data to third-party authorization. Along with that in November 2019, a Cybersecurity organization Trend Micro fired an employee who sold 68000 customer data to cybercriminals and after that, the attackers start targeting the customers one by one listed on the database.

Now read the upcoming section to know about how to prevent these threats.

Tips to Prevent Insider Threats 

  • Educate Users : Users are the greatest strength of the organization, but sometimes they became a liability. Aware users about phishing attacks misused public WiFi, or don’t share data with others. 
  • Access Management : To ensure your data is safe you need to know who has access to it and where is your data is. By minimizing access to your data will reduce the risk of insider threats. 
  • Restrict Copy or Transfer Data : Block users from transferring or copying data to external files. This will make it more difficult for users to steal your information or shared user information with others. 
  • Aware from Third-Party Vendors : Many third-party vendors are taken access to the organization’s network, which increases the risk of security breaches. Always know about the vendor, before giving access to them. 
  • Use Geo-Fencing : It places physical boundaries around your organization when users accessing your data. You can also set alerts so that notifications will pop-up as the device goes out of network. 
  • Implement Strong Authentication : Always make a password with good complexity and never used it in multiple places. Make sure to activate Multi-Factor authentication to avoid unauthorized access.

Follow these tips to avoid unauthorized access and protect your organization data from insider therats.

Leave a Reply