Nakuba abanye babejabulela amaholide abo asehlobo, abanye babejabulela ukuqoqa idatha eyimfihlo. I-Cloud4Y ilungiselele umbono omfushane wokwephulwa kwedatha okudumile kuleli hlobo.
June
1.
Amakheli e-imeyili angaphezu kuka-400 nezinombolo zocingo ezingu-160, kanye nama-password angu-1200 okufinyelela ama-akhawunti omuntu siqu amaklayenti eFesco, inkampani enkulu yezokuthutha, adaluliwe. Idatha yangempela cishe incane, njengoba okufakiwe kungaba okuphindwe kabili.
Ukungena ngemvume namaphasiwedi kuyasebenza futhi kuvumela ukufinyelela kolwazi oluphelele mayelana nokuthunyelwa okuqediwe yinkampani kumakhasimende athile, kufaka phakathi izitifiketi zokuphothula umsebenzi kanye namakhophi askeniwe amanothi okuthunyelwa avaliwe.
Idatha yatholakala esidlangalaleni ngamalogi ashiywe yisofthiwe ye-CyberLines, esetshenziswa yi-Fesco. Ngaphezu kokungena ngemvume namaphasiwedi, amalogi aqukethe nolwazi lomuntu siqu lwezinkampani zamakhasimende e-Fesco: amagama, izinombolo zepasipoti, kanye nezinombolo zocingo.
2.
Ngomhlaka-9 Juni 2019, kwabikwa ukwephulwa kwedatha okubandakanya amakhasimende asebhange laseRussia angu-900. Ulwazi lwepasipoti, izinombolo zocingo, indawo yokuhlala, kanye namakheli omsebenzi ezakhamuzi zaseRussia kwadalulwa. Amakhasimende e-Alfa-Bank, i-OTP Bank, kanye ne-KhKF-Bank athintekile, kanye nabasebenzi abangaba ngu-500 boMnyango Wezangaphakathi kanye namalungu angu-40 e-FSB.
Ochwepheshe bathole izizindalwazi ezimbili zamakhasimende e-Alfa-Bank: eyodwa iqukethe idatha yamakhasimende angaphezu kuka-55 kusukela ngo-2014-2015, kanti eyesibili iqukethe amarekhodi angu-504 kusukela ngo-2018-2019. Izizindalwazi zesibili nazo ziqukethe idatha yebhalansi ye-akhawunti, ekhawulelwe kububanzi obuphakathi kwama-ruble angu-130-160.
July
Kubonakala sengathi iningi labantu laliseholidini ngoJulayi, ngakho-ke kwaba nokuvuza okukodwa okubonakalayo phakathi nenyanga yonke. Kodwa yeka ukuvuza!
3.
Ekupheleni kwenyanga, kwabikwa ukwephulwa okukhulu kwedatha yamakhasimende asebhange. I-Capital One, inkampani ephethe izimali, yathinteka, kwathi ukulahlekelwa kwalinganiselwa ku-$100-150 million. Lokhu kugqekeza kwaholela ekutheni abahlaseli bathole ukufinyelela kwedatha yamakhasimende ayizigidi eziyi-100 e-Capital One e-US kanye nezigidi eziyi-6 eCanada. Ulwazi oluvela kuzicelo zamakhadi esikweletu kanye nedatha yabanikazi bamakhadi abakhona lwaphazamiseka.
Le nkampani ithi ulwazi lwekhadi lesikweletu ngokwalo (izinombolo, amakhodi e-CCV, njll.) luhlale luphephile, kodwa izinombolo ze-Social Security ezingu-140 kanye nezinombolo ze-akhawunti yasebhange ezingu-80 zebiwe. Abakhohlisi bathole nomlando wesikweletu, izitatimende, amakheli, izinsuku zokuzalwa, kanye nemiholo yamakhasimende esikhungo sezezimali.
ECanada, izinombolo ze-Social Security ezingaba yisigidi zaphazamiseka. Abaduni bama-hacker bathole nedatha yokuthengiselana ngamakhadi esakazekile ezinsukwini ezingama-23 ngo-2016, 2017, kanye no-2018.
I-Capital One yenze uphenyo lwangaphakathi, olwaphetha ngokuthi ulwazi olubiwe cishe lwalungasetshenziswa ngezinhloso zokukhwabanisa. Ngiyazibuza ukuthi lwalusetshenziselwani?
I-Август
Ngemva kokuphumula ngoJulayi, sabuya ngo-Agasti sinamandla avuselelwe. Ngakho-ke.
Sekukhulunywe okuningi mayelana nokugcina ama-biometric, futhi nakhu futhi...
4.
Maphakathi no-Agasti 2019, kwatholakala ukuvuza kweminwe engaphezu kwesigidi kanye neminye imininingwane ebucayi. Izisebenzi zenkampani zithi zifinyelele idatha ye-biometric kusuka kusofthiwe ye-Biostar 2.
I-Biostar 2 isetshenziswa izinkulungwane zezinkampani emhlabeni wonke, okuhlanganisa namaphoyisa aseLondon, ukulawula ukufinyelela ezindaweni eziphephile. I-Suprema, unjiniyela we-Biostar 2, uthi usebenza ngesisombululo. Abacwaningi baphawula ukuthi, kanye namarekhodi eminwe, bathole izithombe, idatha yokubona ubuso, amagama, amakheli, amaphasiwedi, umlando wokuqashwa, kanye namarekhodi okuvakashela izindawo eziphephile. Izisulu eziningi zikhathazekile ngokuthi i-Suprema yehlulekile ukubika ukwephulwa kwedatha okungenzeka ukuze amakhasimende ayo akwazi ukuthatha isinyathelo ngokushesha.
Kutholakale idatha engama-gigabytes angu-23, equkethe amarekhodi acishe abe yizigidi ezingu-30 ku-inthanethi. Abacwaningi baphawula ukuthi ulwazi lwe-biometric alusoze lwagcinwa luyimfihlo ngemva kokwephulwa okunjalo. Phakathi kwezinkampani okwadalulwa kuzo idatha kwakukhona i-Power World Gyms, ijimu eNdiya naseSri Lanka (amarekhodi abasebenzisi angu-113,796, kufaka phakathi izigxivizo zeminwe); i-Global Village, umkhosi waminyaka yonke e-UAE (izigxivizo zeminwe ezingu-15,000); kanye ne-Adecco Staffing, inkampani yokuqasha yaseBelgium (izigxivizo zeminwe ezingu-2000). Lokhu kwephulwa kwemininingwane kwabathinta kakhulu abasebenzisi baseBrithani nezinkampani, kanti izigidi zamarekhodi omuntu siqu zadalulwa.
I-Mastercard, uhlelo lokukhokha, yazise ngokusemthethweni abalawuli baseBelgium nabaseJalimane ukuthi ngo-Agasti 19, inkampani ithole ukwephulwa kwedatha okubandakanya "inani elikhulu" lamakhasimende, "ingxenye enkulu" yawo eyayiyizakhamuzi zaseJalimane. Le nkampani yathi ithathe izinyathelo ezidingekayo futhi yasusa yonke idatha yomuntu siqu evuvukele ku-inthanethi. I-Mastercard ithi lesi sigameko sasihlobene nohlelo lokwethembeka lwenkampani yaseJalimane yangaphandle.
5.
Okwamanje, abantu bakithi nabo baqaphile. Njengoba isisho sithi, "Ngiyabonga, Russian Railways, kodwa cha ngiyabonga."
Ukuvuza kwedatha yabasebenzi be-Russian Railways, okuyinto , yaba eyesibili ngobukhulu eRussia ngo-2019. Izinombolo ze-SNILS, amakheli, izinombolo zocingo, izithombe, amagama aphelele, kanye neziqu zemisebenzi zabasebenzi abangu-703 be-Russian Railways kwabangu-730 zenziwe zatholakala emphakathini.
I-Russian Railways iyaphenya ngale ncwadi futhi ilungiselela ukuxhumana nabezomthetho. Le nkampani iyaqinisekisa ukuthi akukho mininingwane yomuntu siqu yabagibeli eyebiwe.
6.
Izolo nje, i-Imperva ibike ukuvuza kolwazi oluyimfihlo oluphathelene namakhasimende ayo amaningana. Lesi sigameko sithinte abasebenzisi besevisi ye-Imperva Cloud Web Application Firewall CDN, eyayaziwa ngokuthi i-Incapsula. Ngokusho kokuthunyelwe kuwebhusayithi ye-Imperva, inkampani yaqaphela ngalesi sigameko ngo-Agasti 20 walo nyaka ngemuva kokubikwa kokwephulwa kwedatha okubandakanya amakhasimende amaningana ayenama-akhawunti ale nsizakalo ngaphambi komhla ziyi-15 kuSepthemba 2017.
Ulwazi oluphazamisekile luhlanganisa amakheli e-imeyili kanye nama-hashes ephasiwedi abasebenzisi ababhalise ngaphambi kukaSepthemba 15, 2017, kanye nezikhiye ze-API kanye nezitifiketi ze-SSL zabanye amakhasimende. Inkampani ayizange iveze imininingwane mayelana nokuthi ukuvuza kwedatha kwenzeke kanjani. Abasebenzisi be-Cloud WAF bayelulekwa ukuthi bashintshe amaphasiwedi e-akhawunti yabo, bavumele ukuqinisekiswa kwezinto ezimbili kanye nokungena ngemvume okukodwa (i-SSO), balande izitifiketi ezintsha ze-SSL, futhi basethe kabusha izikhiye zabo ze-API.
Ngesikhathi siqoqa ulwazi lwaleli qoqo, kwafika engqondweni umcabango ngokungazi ukuthi: zingaki ukuvuza okuhle okuzosilethela ekwindla?
Yini enye ongayifunda kubhulogi?
→
→
→
→
→
Bhalisela yethu -isiteshi, ukuze ungaphuthelwa yisihloko esilandelayo! Asibhali ngaphezu kokuphindwe kabili ngesonto futhi ngebhizinisi kuphela.
Source: www.habr.com
