It appears that hackers sent hundreds of drivers to the same pick-up point in Moscow, causing a major traffic jam.
https://cybernews.com/cyber-war/hackers-created-an-enormous-traffic-jam-in-moscow/
Lots of theories on this one. My bet is that a rival company did it but.....
Your thoughts?
d
Hi,
I have some doubts that this is a rival company, as there have also been reports that the message asking drivers to switch to a competitor (Wheely) was more likely another fake, too.
This is more like any other denial of service attack: unfortunately there are too many miscreants out there who simply enjoy the visible trouble they cause. Interesting to see that there were no reports about ransom and no group has claimed this attack for themselves - which is another reason why I believe that this is more of a general disruptive attack.
I am more worried that all media simply reused the words from the first Twitter message and repeated the claim that Yandex was hacked. Their own responses, however, simply indicate that these were fake orders created by fake accounts, and we can argue whether this should be titled as a group having hacked the company.
Yandex also replied that they have adjusted their systems to detect (and hopefully also prevent) such attacks in the future. This can be done by throttling the orders to a location, but I am more interested in how these folks could create the required fake accounts. Is there someone from Russia who could explain how their account verification works (phone number verification via SMS? email verification via link? credit card verification? any captchas involved to avoid mass creation? etc.)? Any reports on whether these were newly created fake accounts (how many?) or account takeovers of existing accounts (e.g. credential stuffing)?
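The "throttling the orders to a location" idea from the reply above, sketched as an added example; it is not part of either post and not Yandex's actual implementation. The grid size, window, threshold, class and function names, and the sample orders are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed tuning values for illustration; none of these come from the thread.
CELL_DEG = 0.002   # grid size in degrees (roughly 200 m of latitude)
WINDOW_S = 300     # sliding window length in seconds
MAX_ORDERS = 5     # orders dispatched per grid cell per window

def cell_of(lat, lon):
    """Snap a coordinate to a grid cell so nearby pick-ups share one key."""
    return (round(lat / CELL_DEG), round(lon / CELL_DEG))

class PickupThrottle:
    """Sliding-window limit on orders dispatched to one pick-up cell."""

    def __init__(self, window_s=WINDOW_S, max_orders=MAX_ORDERS):
        self.window_s = window_s
        self.max_orders = max_orders
        self.recent = defaultdict(deque)  # cell -> timestamps of dispatched orders

    def admit(self, ts, lat, lon):
        """Return True to dispatch the order, False to hold it for review."""
        q = self.recent[cell_of(lat, lon)]
        while q and ts - q[0] >= self.window_s:
            q.popleft()                   # forget orders older than the window
        if len(q) >= self.max_orders:
            return False                  # held orders do not extend the window
        q.append(ts)
        return True

def replay(orders, **kwargs):
    """Run (order_id, ts, lat, lon) tuples through a fresh throttle in time order."""
    throttle = PickupThrottle(**kwargs)
    return [(oid, throttle.admit(ts, lat, lon))
            for oid, ts, lat, lon in sorted(orders, key=lambda o: o[1])]

# Constructed sample: a burst of eight orders to one spot, normal traffic
# elsewhere, and one later order to the burst spot after the window has passed.
SAMPLE_ORDERS = (
    [(f"a{i}", 10 * i, 10.0003, 20.0004) for i in range(1, 9)]
    + [("b1", 15, 10.05, 20.05), ("b2", 50, 10.05, 20.05)]
    + [("a9", 400, 10.0, 20.0)]
)

if __name__ == "__main__":
    for order_id, dispatched in replay(SAMPLE_ORDERS):
        print(order_id, "dispatch" if dispatched else "hold")
```

A limit like this caps how many cars converge on one spot regardless of which accounts place the orders, which is why it still helps when the account-creation questions raised above have no answer yet.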