Yandex Passport OAuth Token
Service Name: Yandex
Service Description: Yandex is a Russian multinational technology company providing various internet-related products and services, including search engine, cloud services, maps, email, and more. Yandex Passport is their authentication and authorization system.
Service Address: https://yandex.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the application level through Yandex OAuth settings.
Secret Access Scope: Grants access to Yandex services and APIs based on the scopes requested during OAuth authorization. Can provide access to user data, Yandex Cloud resources, and other Yandex services.
Secret Revokement URL: https://passport.yandex.com/profile/access
Secret Example: y0_AgAAAABkGu5pAADLWwAAAADZOvj6YOoR-nUfA9SHuTapVKsN1234567
Suspicious Activity Investigation Instructions:
- Check the Yandex OAuth application settings to see which applications have been authorized
- Review the access logs in Yandex account security settings
- Verify the permissions and scopes granted to the token
- Check for any unauthorized API calls or data access using the token
- Monitor for unusual activity patterns or access from unexpected locations
Mitigation Instructions:
- Log in to your Yandex account at https://passport.yandex.com/
- Navigate to "Security and Login" or "Profile" section
- Go to "Connected Apps and Services" or "Access" section
- Find the application associated with the compromised token
- Click "Revoke Access" or "Remove" to invalidate the token
- Generate a new token if needed with appropriate scopes
- Consider enabling two-factor authentication for your Yandex account
- Review and update security settings for your Yandex account