News

Yandex apologized for the “N-word” in its code and explained the scandalous leak by the carelessness of employees

usiic_adminComment(0)

The Yandex company has published the first results of an internal corporate investigation into the leakage of fragments of the program code of some services. Representatives of the IT giant assure that there is no threat to the safety of users and the performance of services, but admitted that the code contained data from taxi drivers and racist statements, and “Alice” was sometimes turned on without the permission of users.

Outdated repository version

Representatives of Yandex shared the first results of an investigation into the leakage of the program code of some of the company’s services to the public. The message was published on the official page of “Yandex”.

Information security specialists admitted that the published fragments were taken from an internal repository with which developers work with the code. However, the contents of the archive that got on the Web are outdated and differ from the current version, the company assures.

In addition, parts of the code contained test algorithms that were used only inside Yandex to verify the correct operation of services.

photogenica-phx462042774_600.jpg

The leak of the code became the reason for a large-scale internal corporate investigation

“Primary analysis showed that the published fragments do not pose any threat to the security of our users or the performance of services,” the release notes.

The company said that in the near future they will create a new service that will be responsible for the compliance of the code with corporate principles and policies. Data from the repository that is not related to the algorithms and settings of the services is already transferred – this way they will be better protected.

See also  Gal Gadot's "Heart of Stone": A Spy Flick with Untapped Potential

Large-scale investigation

The incident became the reason for auditing the entire contents of the repository. The company’s specialists discovered facts of violations of policies, principles and rules of their own corporate ethics.

So, the code contained the contact details of the drivers of the Yandex.taxi service , including their phone numbers and driver’s licenses. Information was transferred from one taxi company to another. One of the algorithms turned on the microphone of a mobile gadget for several seconds without notifying the user; it was written to combat false positives to improve the quality of ” Alice’s ” activation.

In the Yandex.Lavka service , the developers discovered the possibility of setting product recommendations without the “advertising” mark. Some parts of the code, the information security specialists admitted, contained words that did not affect the operation of the services, but were offensive to people of different races and nationalities. In this regard, we note that after the leakage in Runet , a screenshot of a fragment of code with the word Nikger, which, although in a slightly different spelling, is considered offensive to the US blacks (if necessary, appears in the press in the form of a “n-word”).

“One of the principles of Yandex says: our work is based on the principles of honesty and transparency,” the release notes. – We proceed from the fact that any internal dialogue, document or source code can become public under certain circumstances. And if this happens, we should not be ashamed. Now we are very ashamed, and we apologize to our users and partners.”

Causes of the leak

Representatives of “Yandex” said that the leak was related to the developers’ attempts to manually improve the service or fix the error. This was practiced due to the fact that Yandex for many years professed the Zero Bug Policy approach or zero tolerance for bugs . As a result, the errors were fixed with the help of temporary solutions. Now the company plans to rethink its methods.

See also  In France, they began installing hybrid solar-wind generators on the roofs of buildings

RBC , citing an unofficial representative of the company, reports that the source of the leak was a Yandex employee, and the hacker attack had nothing to do with it.

Technoethics and morality

Representatives of the company wondered how their solution meets the norms of universal morality and the company’s own principles, and how understandable it is to users and partners.

“It became obvious that the company’s management paid little attention to these issues,” Yandex admitted, adding that they would soon publish the standards and principles of technoethics on their website.

As an example of following technostandards, the company cited Yandex’s decision in 2020 not to allow the browser to find people from photos so as not to violate their personal security. Also, Yandex did not develop a project to assess potential bank customers who want to get a loan.

History of “plum”

Recall that an archive with 45 GB of source codes and related data from Yandex services and programs appeared on the Internet on January 25, 2023. All the leaked files were dated February 24, 2022.

The codes for most of the company’s services – mail, music, cloud , as well as a taxi aggregator – were in the public domain. In a conversation with CNews, information security specialists noted that it will now be much easier for attackers to find vulnerabilities in Yandex services, and in the future, large leaks of user data can be expected.

In an interview with uSiic.co, head of the Internet Investigation Company , added that someone will now be able to “repeat the know-how of Yandex development, some tricks and nuances.”

“It is clear that many will now be examining the leaked code to understand how the company monitors its users and what data it collects. This is not the first leak of this kind, but, of course, it will be hushed up. The company, as always, will say that all this is useless junk,” Bederov said.

See also  What is known to mankind about extraterrestrial civilizations, the so-called UFOs

👁️: 342
usiic_admin
Greetings ! I am the founder of the usiic.co platform since 2022, I am also the editor-in-chief, I hope you will find the usiic platform useful, in which I have invested a lot of time and effort. I am interested in many areas, and on the blog I share my impressions, advice and experience. I would be very grateful if you rate my post and share yours: https://usic.co
https://usiic.co/groups/news/

Related Articles
News

Intense Showdowns and Return of Heroes: Unveiling the Drama of the Champions League Draw

SportingNews

As the soccer world braces itself for another exhilarating season of Europe’s premier tournament, the UEFA Champions League, the recent draw ceremony at The Grimaldi Forum in the Principality of Monaco has set the stage for a series of high-octane clashes and emotional reunions. The anticipation is palpable as fans eagerly await the kick-off of […]
Finance News

PayPal Unveils PYUSD, a Groundbreaking Stablecoin for Digital Payments and Web3

usiic_admin

In a game-changing move, PayPal, the renowned payments giant, has officially launched its very own stablecoin named PayPal USD (PYUSD). This innovative digital asset is set to revolutionize the world of digital payments and Web3, providing users with seamless compatibility across various exchanges, wallets, and applications. PYUSD, pegged at a 1:1 ratio to the US […]
News

Border blockade and crap on the streets: What farmers’ protests caused in other countries

usiic_admin

Germany’s agriculture is booming. Numerous farmers are protesting against the federal government’s planned austerity plans – the government has partially given in. Farmers also put pressure on politicians in other European countries. What it was about and what they ach Since December, farmers have been demonstrating regularly in many places in Germany against the federal government’s planned austerity […]

5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Комментарий
Inline Feedbacks
View all comments