ʻOiai e leʻaleʻa ana kekahi i kā lākou mau hoʻomaha kauwela, ua hauʻoli kekahi i kā lākou lawe ʻana i ka ʻikepili koʻikoʻi. Ua hoʻomākaukau ʻo Cloud4Y i kahi hiʻohiʻona pōkole o nā ʻike leʻaleʻa i kēia kauwela.
June
1.
ʻOi aku ma mua o 400 tausani mau leka uila a me 160 tausani mau helu kelepona, a me 1200 mau inoa inoa inoa inoa no ka loaʻa ʻana o nā moʻolelo pilikino o nā mea kūʻai aku o ka ʻoihana kaʻa nui ʻo Fesco i loko o ka lehulehu. Aia paha ka liʻiliʻi o ka ʻikepili maoli, no ka mea... hiki ke hoʻokomo hou ʻia.
He kūpono nā logins a me nā ʻōlelo huna, ʻae lākou iā ʻoe e kiʻi i ka ʻike piha e pili ana i ka lawe ʻana i hana ʻia e ka ʻoihana no kahi mea kūʻai aku, me nā palapala hōʻoia o ka hana paʻa a me nā scans o nā invoices me nā peʻa.
Ua hoʻolaha ʻia ka ʻikepili ma o nā lāʻau i waiho ʻia e ka polokalamu CyberLines i hoʻohana ʻia e Fesco. Ma waho aʻe o nā loina a me nā ʻōlelo huna, loaʻa i nā lāʻau nā ʻikepili pilikino o nā ʻelele o nā hui mea kūʻai aku Fesco: nā inoa, nā helu passport, nā helu kelepona.
2.
Ma Iune 9, 2019, ua ʻike ʻia e pili ana i kahi leak data o 900 tausani mau mea kūʻai aku o nā panakō Lūkini. Ua hoʻolaha ʻia ka ʻikepili passport, nā helu kelepona, nā wahi noho a me nā hana a nā kamaʻāina o ka Russian Federation. Ua hoʻopilikia ʻia nā mea kūʻai aku o Alfa Bank, OTP Bank a me HKF Bank, a ma kahi o 500 mau limahana o ka Ministry of Internal Affairs a me 40 poʻe mai ka FSB.
Ua ʻike ka poʻe loea i ʻelua waihona ʻikepili o nā mea kūʻai aku o Alfa Bank: aia kekahi ʻikepili ma mua o 55 tausani mau mea kūʻai mai 2014–2015, ʻo ka lua he 504 mau moʻolelo mai 2018–2019. Aia ka lua o ka waihona i ka ʻikepili e pili ana i ke koena moʻokāki, i kaupalena ʻia i ka laulā o 130-160 tausani rubles.
lulai
Me he mea lā ua hoʻomaha ka hapa nui o ka poʻe i Iulai, no laila hoʻokahi wale nō leak i ʻike ʻia i ka mahina holoʻokoʻa. Aka, i ka mea a!
3.
I ka hopena o ka mahina, ua ʻike ʻia e pili ana i ka leak data nui loa o nā mea kūʻai panakō. Ua pilikia ka paʻa kālā ʻo Capital One, e manaʻo ana i ka pōʻino ma $ 100-150 miliona. Ma muli o ka hack, loaʻa i nā mea hoʻouka ke komo i ka ʻikepili o 100 miliona mau mea kūʻai aku ʻo Capital One ma US a me 6 miliona ma Kanada. Ua hoʻopili ʻia nā ʻike mai nā noi no nā kāleka hōʻaiʻē a me nā ʻikepili o nā mea paʻa kāleka.
Ua ʻōlelo ka hui ʻo ka ʻikepili kāleka hōʻaiʻē ponoʻī (nā helu, nā code CCV, a me nā mea ʻē aʻe) i noho palekana, akā 140 tausani mau helu mālama ola a me 80 tausani mau waihona kālā i ʻaihue ʻia. Eia kekahi, ua loaʻa i nā scammers nā moʻolelo hōʻaiʻē, nā ʻōlelo, nā ʻōlelo, nā lā hānau a me nā uku o nā mea kūʻai aku o ka ʻoihana kālā.
Ma Kanada, ma kahi o hoʻokahi miliona mau helu palekana i hoʻopaʻa ʻia. Loaʻa i nā mea hackers ka ʻikepili i nā kālepa kāleka i hoʻopuehu ʻia ma luna o 23 mau lā no 2016, 2017 a me 2018.
Ua hana ʻo Capital One i kahi hoʻokolokolo kūloko a ʻōlelo ʻo ia ʻaʻole paha i hoʻohana ʻia ka ʻike i ʻaihue ʻia no nā hana hoʻopunipuni. Manaʻo wau he aha nā mea i hoʻohana ʻia i kēlā manawa?
ʻOʻAukake
I ka hoʻomaha ʻana i Iulai, ua hoʻi mākou i ʻAukake me ka ikaika hou. No laila.
Nui nā mea i ʻōlelo ʻia e pili ana i ka mālama ʻana i nā biometrics a eia mākou e hele hou ...
4.
Ma ka waena o ʻAukake 2019, ua ʻike ʻia kahi leaka o ʻoi aku ma mua o hoʻokahi miliona mau manamana lima a me nā ʻikepili koʻikoʻi ʻē aʻe. Ua ʻōlelo nā limahana o ka hui ua loaʻa iā lākou ka ʻike biometric mai ka polokalamu Biostar 2.
Hoʻohana ʻia ʻo Biostar 2 e nā kaukani o nā ʻoihana a puni ka honua, me nā mākaʻi o London, e kāohi i ke komo ʻana i nā pūnaewele paʻa. Ua ʻōlelo ʻo Suprema, ka mea hoʻomohala o Biostar 2, ke hana nei ʻo ia i kahi hopena i kēia pilikia. Hoʻomaopopo ka poʻe noiʻi me nā moʻolelo manamana lima, ua loaʻa iā lākou nā kiʻi o nā kānaka, ka ʻike maka maka, nā inoa, nā helu wahi, nā ʻōlelo huna, ka mōʻaukala hana a me nā moʻolelo o nā kipa ʻana i nā wahi palekana. Ua hopohopo nā poʻe he nui ʻaʻole i hōʻike ʻo Suprema i ka haki ʻana o ka ʻikepili i hiki ai i kāna mau mea kūʻai ke hana ma ka ʻāina.
Ma ka huina, 23 gigabytes o ka ʻikepili i loaʻa ma kahi o 30 miliona mau moʻolelo i ʻike ʻia ma ka pūnaewele. Hoʻomaopopo ka poʻe noiʻi ʻaʻole hiki i ka ʻike biometric ke lilo i mea huna ma hope o kēlā leak. Ma waena o nā hui i hoʻokuʻu ʻia ka ʻikepili ʻo Power World Gyms, kahi hale haʻuki ma India a me Sri Lanka (113 mau mea hoʻohana me nā manamana lima), Global Village, kahi ʻahaʻaina makahiki ma UAE (796 fingerprints), Adecco Staffing, kahi hui hoʻolimalima Belgian (15). manamana lima). Ua hoʻopilikia ka leaak i nā mea hoʻohana a me nā ʻoihana Pelekane - ua loaʻa manuahi nā miliona o nā moʻolelo pilikino.
Ua hoʻolaha aku ka ʻōnaehana uku ʻo Mastercard i nā mea hoʻoponopono Belgian a me Kelemania i ka lā 19 ʻAukake ua hoʻopaʻa ka hui i kahi leak data o kahi "nui" o nā mea kūʻai aku, "he hapa nui o ia" he kamaʻāina Kelemania. Ua hōʻike ka hui ua lawe ʻo ia i nā hana kūpono a holoi i nā ʻikepili pilikino āpau o nā mea kūʻai aku i ʻike ʻia ma ka Pūnaewele. Wahi a Mastercard, pili ka hanana i ka papahana kūpaʻa o kahi hui Kelemania ʻekolu.
5.
I kēia manawa, ʻaʻole nō hoʻi i hiamoe ko kākou mau hoa makaʻāinana. E like me kā lākou e ʻōlelo nei: "Mahalo i ka Russian Railways, akā ʻaʻole."
Leak o ka ʻikepili o nā limahana o Russian Railways, ʻo ia , lilo i ka lua nui loa ma Rusia ma 2019. ʻO nā helu SNILS, nā helu, nā helu kelepona, nā kiʻi, nā inoa piha a me nā kūlana o 703 tausani mau limahana ʻo Russian Railways mai 730 tausani i hoʻolaha ʻia i ka lehulehu.
Ke nānā nei ʻo Russian Railways i ka hoʻolaha a hoʻomākaukau i kahi hoʻopiʻi i nā keʻena hoʻokō kānāwai. ʻAʻole i ʻaihue ʻia ka ʻikepili pilikino o nā mea kaʻa, hōʻoia ka ʻoihana.
6.
A i nehinei nei, ua hoʻolaha ʻo Imperva i kahi leak o ka ʻike huna mai kekahi o kāna mau mea kūʻai aku. Ua hoʻopilikia kēia hanana i nā mea hoʻohana o ka lawelawe ʻo Imperva Cloud Web Application Firewall CDN, i kapa mua ʻia ʻo Incapsula. Wahi a kahi paʻi ma ka pūnaewele Imperva, ua ʻike ka ʻoihana i ka hanana ma ʻAukake 20 i kēia makahiki ma hope o ka hōʻike ʻana o kahi leak data no kekahi mau mea kūʻai aku i ka lawelawe ma mua o Kepakemapa 15, 2017.
ʻO ka ʻike i hoʻopaʻapaʻa ʻia nā leka uila a me nā hashes password o nā mea hoʻohana i hoʻopaʻa inoa ma mua o Kepakemapa 15, 2017, a me nā kī API a me nā palapala SSL o kekahi mau mea kūʻai. ʻAʻole i hōʻike ka hui i nā kikoʻī e pili ana i ke ʻano o ka leak data. Manaʻo ʻia nā mea hoʻohana o ka lawelawe Cloud WAF e hoʻololi i nā ʻōlelo huna no kā lākou mau moʻokāki, e hiki ai i ka hōʻoia ʻelua kumu a hoʻokō i kahi mīkini hōʻailona hoʻokahi (Single Sign-On), a me ka hoʻoiho ʻana i nā palapala SSL hou a hoʻonohonoho hou i nā kī API.
I ka hōʻiliʻili ʻana i ka ʻike no kēia hōʻiliʻili, ua puka mai ka manaʻo: ʻehia ka nui o nā leaks maikaʻi e lawe mai iā mākou?
He aha hou kāu e heluhelu ai ma ka blog?
→
→
→
→
→
Kau inoa i kā mākou -channel, i ʻole e poina i ka ʻatikala aʻe! ʻAʻole mākou e kākau ʻoi aku ma mua o ʻelua manawa i ka pule a ma ka ʻoihana wale nō.
Source: www.habr.com