Masu haɓaka manajan kalmar sirri na LastPass, wanda fiye da mutane miliyan 33 da kamfanoni sama da 100 ke amfani da shi, sun sanar da masu amfani da su game da wani lamarin da maharan suka yi nasarar samun damar yin amfani da kwafin ajiyar ajiya tare da bayanan masu amfani da sabis ɗin. Bayanan sun haɗa da bayanai kamar sunan mai amfani, adireshi, imel, waya da adiresoshin IP waɗanda aka sami damar sabis ɗin daga gare su, da kuma sunayen rukunin yanar gizon da ba a ɓoye ba da aka adana a cikin mai sarrafa kalmar sirri da rufaffen shiga, kalmomin shiga, bayanan tsari da bayanan kula da aka adana a waɗannan rukunin yanar gizon.
Don kare shiga da kalmomin shiga zuwa shafuka, an yi amfani da ɓoyayyen AES tare da maɓallin 256-bit da aka samar ta amfani da aikin PBKDF2 bisa babban kalmar sirri da aka sani kawai ga mai amfani, tare da ƙaramin girman haruffa 12. Rufaffen ɓoyewa da ɓoye bayanan shiga da kalmomin shiga a cikin LastPass ana yin su ne kawai a gefen mai amfani, kuma ana ganin ƙimantan kalmar sirri ba gaskiya ba ne akan kayan aikin zamani, idan aka yi la'akari da girman babban kalmar sirri da adadin da aka yi amfani da shi na iterations PBKDF2.
Don kai harin, sun yi amfani da bayanan da maharan suka samu a lokacin harin na karshe da ya faru a watan Agusta kuma an kai su ta hanyar sasantawa na asusun daya daga cikin masu haɓaka sabis. Kutse na watan Agusta ya haifar da maharan samun damar yin amfani da yanayin ci gaba, lambar aikace-aikacen, da bayanan fasaha. Daga baya ya bayyana cewa maharan sun yi amfani da bayanai daga mahallin ci gaban don kai hari ga wani mai haɓakawa, sakamakon haka sun sami nasarar samun maɓallan ma'ajiyar girgije da maɓalli don cire bayanan daga kwantenan da aka adana a wurin. Sabar gajimare da aka yi sulhu sun dauki nauyin cikakken bayanan sabis na ma'aikaci.
source: budenet.ru