Ngelixa abanye bebesonwabele iiholide zabo zasehlotyeni, abanye bebesonwabela ukuthuthwa kwedatha ebuthathaka. I-Cloud4Y ilungiselele umboniso omfutshane wokuvuza kwedatha echukumisayo kweli hlobo.
uJuni
1.
Ngaphezulu kweedilesi ze-imeyile ezingamawaka angama-400 kunye neenombolo zefowuni ezingamawaka angama-160, kunye ne-1200 yokungena-i-password pairs zokufikelela kwiiakhawunti zobuqu zabathengi beyona nkampani inkulu yezothutho iFesco yayikwisizinda sikawonke-wonke. Kukho mhlawumbi idata yokwenyani encinci, kuba... amangeno angaphindwa.
Ukungena kunye neephasiwedi zivumelekile, zikuvumela ukuba ufumane ulwazi olupheleleyo malunga nokuthutha okwenziwa yinkampani kumthengi othile, kubandakanywa izatifikethi zomsebenzi ogqityiweyo kunye nokuskena kwee-invoyisi ezinesitampu.
Idatha yenziwe yafumaneka esidlangalaleni ngeelog ezishiywe yiCyberLines software esetyenziswa nguFesco. Ukongeza kwi-logins kunye ne-passwords, iilogi nazo ziqulethe idatha yobuqu yabameli beenkampani zabathengi be-Fesco: amagama, iinombolo zepaspoti, iinombolo zomnxeba.
2.
NgoJuni 9, 2019, kuye kwaziwa malunga nokuvuza kwedatha yabathengi abangamawaka angama-900 beebhanki zaseRussia. Idatha yepasipoti, iinombolo zomnxeba, iindawo zokuhlala kunye nomsebenzi wabemi baseRussian Federation zenziwe zifumaneke esidlangalaleni. Abathengi beBhanki ye-Alfa, iBhanki ye-OTP kunye neBhanki ye-HKF bachaphazelekayo, kunye nabasebenzi abamalunga nama-500 beSebe leMicimbi yangaphakathi kunye nabantu abangama-40 abavela kwi-FSB.
Iingcali zifumene i-database ezimbini zabathengi be-Alfa Bank: enye iqulethe idatha kubathengi abangaphezu kwe-55 amawaka ukusuka kwi-2014-2015, okwesibini iqulethe iirekhodi ze-504 ukusuka kwi-2018-2019. I-database yesibini nayo iqulethe idatha kwibhalansi ye-akhawunti, inqunyelwe kuluhlu lwe-ruble eyi-130-160 lamawaka.
uJulayi
Kubonakala ngathi abantu abaninzi bebekwiholide kaJulayi, ke bekukho ukuvuza okubonakalayo inyanga yonke. Kodwa ntoni!
3.
Ekupheleni kwenyanga, kwaziwa malunga nokuvuza kwedatha enkulu yabathengi bebhanki. Ukubamba imali kwi-Capital One yahlupheka, iqikelela umonakalo kwi-100-150 yezigidi zeedola Ngenxa ye-hack, abahlaseli bafumana ukufikelela kwidatha ye-100 yezigidi ze-Capital One e-US kunye ne-6 yezigidi eCanada. Ulwazi oluvela kwizicelo zamakhadi okuthenga ngetyala kunye nedatha yabanini makhadi abakhoyo iye yachatshazelwa.
Inkampani ithi idatha yekhadi lesikweletu ngokwayo (amanani, iikhowudi zeCCV, njl.) zahlala zikhuselekile, kodwa i-140 yamawaka eenombolo zokhuseleko loluntu kunye nee-akhawunti zebhanki ezingamawaka angama-80 zibiwe. Ukongeza, abakhohlisi bafumana iimbali zetyala, iingxelo, iidilesi, imihla yokuzalwa kunye nemivuzo yabathengi beziko lezemali.
EKhanada, malunga nesigidi samanani okhuseleko loluntu aye athotywa. Abahlaseli baphinde bafumana idatha kwiintengiselwano zekhadi ezisasazwe kwiintsuku ze-23 ze-2016, i-2017 kunye ne-2018.
I-Capital One yenza uphando lwangaphakathi kwaye yachaza ukuba ulwazi olubiweyo akunakwenzeka ukuba lusetyenziselwe iinjongo zobuqhophololo. Ndiyazibuza ukuba yayisetyenziswa kweyiphi ngoko?
Август
Ekubeni sasiphumle ngoJulayi, sabuyela ngoAgasti ngamandla ahlaziyiweyo. Ngoko.
Kuninzi esele kuthethiwe malunga nokugcina i-biometrics kwaye apha siyaphinda kwakhona ...
4.
Embindini ka-Agasti ka-2019, kwafunyanwa ukuvuza kweminwe engaphezulu kwesigidi kunye nenye idatha enovakalelo. Abasebenzi benkampani bathi bafumana ukufikelela kwidatha ye-biometric kwi-software ye-Biostar 2.
I-Biostar 2 isetyenziswa ngamawaka eenkampani emhlabeni jikelele, kubandakanywa namaPolisa aseLondon, ukulawula ukufikelela kwiindawo ezikhuselekileyo. U-Suprema, umphuhlisi we-Biostar 2, uthi sele esebenza kwisisombululo kule ngxaki. Abaphandi bayaqaphela ukuba kunye neerekhodi zeminwe, bafumene iifoto zabantu, idatha yokuqaphela ubuso, amagama, iidilesi, iiphasiwedi, imbali yengqesho kunye neerekhodi zokutyelela kwiindawo ezikhuselweyo. Amaxhoba amaninzi anenkxalabo yokuba i-Suprema ayizange ichaze ukophulwa kwedatha okunokwenzeka ukuze abathengi bayo bathathe inyathelo emhlabeni.
Lilonke, i-23 gigabytes yedatha equlethe iirekhodi ezimalunga nezigidi ezingama-30 zifunyenwe kwinethiwekhi. Abaphandi baqaphela ukuba ulwazi lwebhayometriki alunakuze lube yimfihlo emva kokuvuza okunjalo. Phakathi kweenkampani eziye zavuza idatha yazo yayiyi-Power World Gyms, i-gym e-Indiya naseSri Lanka (iirekhodi ze-113 zabasebenzisi ezibandakanya iminwe), i-Global Village, umthendeleko wonyaka kwi-UAE (796 fingerprints), i-Adecco Staffing, inkampani yaseBelgium yokuqasha (15). iminwe). Ukuvuza kwachaphazela abasebenzisi baseBritane kunye neenkampani ezona zininzi - izigidi zeerekhodi zobuqu bezifumaneka simahla.
Inkqubo yokuhlawula i-Mastercard yazisa ngokusemthethweni abalawuli baseBelgium nabaseJamani ukuba ngo-Agasti 19 inkampani irekhode ukuvuza kwedatha evela "kwinani elikhulu" labathengi, "inxalenye ebalulekileyo" ngabemi baseJamani. Inkampani ibonise ukuba ithathe amanyathelo ayimfuneko kwaye yacima yonke idatha yobuqu yabathengi evele kwi-Intanethi. Ngokutsho kwe-Mastercard, isiganeko sinxulumene nenkqubo yokunyaniseka yenkampani yesithathu yaseJamani.
5.
Ngeli xesha, abantu bakuthi nabo abalali. Njengoko besithi: "Enkosi kwiRailways yaseRussia, kodwa hayi."
Ukuvuza kwedatha yabasebenzi baseRussia Railways, leyo , yaba ngowesibini ngobukhulu eRashiya ngowama-2019. Iinombolo ze-SNILS, iidilesi, iinombolo zomnxeba, iifoto, amagama apheleleyo kunye nezikhundla ze-703 lamawaka abasebenzi baseRussia Railways abaphuma kwi-730 lamawaka benziwa bafumaneke esidlangalaleni.
I-Russian Railways ihlola ukupapashwa kwaye ilungiselela isibheno kwii-arhente zokunyanzeliswa komthetho. Idatha yobuqu yabagibeli ayizange ibiwe, inkampani iqinisekisa.
6.
Kwaye nje izolo, i-Imperva ibhengeze ukuvuza kolwazi oluyimfihlo kwinani labathengi bayo. Esi siganeko sichaphazele abasebenzisi benkonzo ye-CDN ye-Imperva Cloud Web Application Firewall, eyayisaziwa ngokuba yi-Incapsula. Ngokwengxelo epapashwe kwi-website ye-Imperva, le nkampani iye yaqaphela esi sehlo ngomhla we-20 ka-Agasti kulo nyaka emva kwengxelo yokuvuza kwedatha kubathengi abaninzi ababene-akhawunti kule nkonzo ngaphambi komhla we-15 kuSeptemba 2017.
Ulwazi oluphazamisekileyo lubandakanya iidilesi ze-imeyile kunye ne-password hashes yabasebenzisi ababhalise ngaphambi kwe-15 Septemba 2017, kunye nezitshixo ze-API kunye neziqinisekiso ze-SSL zabathengi abathile. Inkampani ayizange ichaze iinkcukacha malunga nokuba kwenzeka njani ukuvuza kwedatha. Abasebenzisi benkonzo ye-Cloud WAF bayacetyiswa ukuba batshintshe amagama ayimfihlo kwiiakhawunti zabo, benze ukuqinisekiswa kwezinto ezimbini kwaye basebenzise indlela yokusayina enye (i-Single Sign-On), kunye nokukhuphela iziqinisekiso ezitsha ze-SSL kunye nokusetha kwakhona izitshixo ze-API.
Xa uqokelela ulwazi lwale ngqokelela, kwavela ingcinga engazikhethelanga: zingaphi ukuvuza okumangalisayo okuya kusizisa ekwindla?
Yintoni enye onokuyifunda kwiblogi?
→
→
→
→
→
Bhalisela yethu -ijelo ukuze ungaphoswa linqaku elilandelayo! Asibhali ngaphezu kwesibini ngeveki kwaye kuphela kwishishini.
umthombo: www.habr.com