Tseem lwm kis ntawm cov ntaub ntawv hais txog kev ua txhaum cai, nkag tus peev xwm ntawm dua 540,000 cov ntaub ntawv zwm rau lub tuam txhab tsheb taug qab cov tuam txhab SVR Nrhiav cov kev pabcuam muaj xaim online vim yog a misconfigured huab neeg rau zaub mov, muaj peev xwm nthuav tawm cov ntaub ntawv ntiag tug thiab tsheb cov ntsiab lus ntawm cov neeg tsav tsheb thiab kev lag luam uas siv nws cov kev pabcuam.
SVR (Cov Ntaub Ntawv Nyiag Tsheb) Mus Ntxiv, lub tuam txhab uas hais tias tshwj xeeb rau "tsheb rov qab" tso cai rau nws cov neeg siv taug qab lawv lub tsheb nyob rau ntawm lub sijhawm tiag tiag los ntawm kev nqa lub cev taug qab cov khoom mus rau cov tsheb hauv qhov chaw tsis paub, yog li lawv tuaj yeem saib xyuas thiab rov qab los rau hauv tsam lawv cov tsheb muaj neeg nyiag.
Raws li cov kws tshawb nrhiav ntawm Kromtech Security Center, uas xub pom qhov ua txhaum cai, cov ntaub ntawv raug suav nrog SVR cov neeg siv cov ntaub ntawv pov thawj, suav nrog email email, password, cov ntaub ntawv tsheb (xws li VIN tus lej thiab daim ntawv tsav tsheb), IMEI tus lej GPS thiab lwm cov ntaub ntawv uas yog sau rau lawv cov cuab yeej siv, cov qhua thiab cov lag luam pib xa khoom. Cov ntaub ntawv raug kis ntawm ib qho tsis nyab xeeb Amazon Web Server (AWS) S3 huab huab cia lub thoob uas tau tso tawm cov khoom lag luam.
Qhov zoo siab, cov ntaub ntawv nthuav tawm kuj tseem muaj cov ntaub ntawv nyob qhov twg hauv lub tsheb qhov chaw ua haujlwm tau muab zais. Cov kws tshawb nrhiav tau hais tias leaked cov lus zais tau raug tiv thaiv los ntawm qhov tsis muaj zog SHA-1 hashing algorithm uas yooj yim tawg.
Raws li Kromtech, tag nrho cov cuab yeej siv "yuav loj dua vim tias ntau tus muag khoom lossis cov neeg siv khoom muaj cov khoom siv ntau rau kev taug qab."
“Lub hnub nyoog uas kev ua txhaum cai thiab thev naus laus zis sib koom tes, xav txog qhov yuav muaj kev phom sij yog cybercriminals tuaj yeem paub qhov twg lub tsheb nyob ntawm kev nkag mus hauv cov ntawv pov thawj uas muaj nyob hauv online thiab nyiag lub tsheb ntawd? Zuag qhia tag nrho cov cuab yeej tuaj yeem muaj ntau dua vim qhov tseeb tias ntau tus neeg muag khoom lossis cov neeg siv khoom muaj cov khoom siv ntau heev rau kev taug qab, ”tus neeg tshawb nrhiav Kromtech Bob Diachenko tau hais hauv blog.
Lub Amazon S3 thoob tau ruaj ntseg tom qab Kromtech tau mus txog rau SVR thiab ceeb toom lawv txog qhov ua txhaum cai. Txawm li cas los xij, nws tseem tseem tsis tau meej txog qhov ntev npaum li cas cov ntaub ntawv tseem ua haujlwm ywj pheej. Nws tseem tsis paub meej tias cov ntaub ntawv siv tau nkag mus raug cuam tshuam los ntawm hackers lossis tsis tau.
