Indawo yomboniso bhanyabhanya edumileyo kunye nothotho lwemibhalo engezantsi, I-OpenSubtitles, ibhengeze kule veki kubasebenzisi bayo ukuba ihlaselwe ngumgebenga, ilumkise abasebenzisi ngoLwesibini, nge-18 kaJanuwari emva kokuba i-hacker ivuze i-database ye-intanethi.
Kwiposti yebhlog kwiforum yabo, Iqela lesayithi libonise ukuba i-hacker yaqhagamshelana nabo ngo-Agasti ophelileyo ngeTelegram ukubazisa ukuba inofikelelo kwidatha yabo bonke abasebenzisi, malunga ne-7 yezigidi, kubandakanywa i-imeyile kunye needilesi ze-IP, amagama omsebenzisi kunye neephasiwedi.
Kwabo bangaziyo nge-OpenSubtitles, kuya kufuneka uyazi loo nto yinkonzo ethandwa kakhulu enikezela ngeefayile ezingezantsi zeemuvi kunye nothotho. Inkonzo ifikeleleka kwii-domains "opensubtitles.org" kunye ne "opensubtitles.com", apho igcina iforum yeengxoxo.
Ngokomyalezo wabalawulis yesiza IiHackers zikwazile ukufikelela kuluhlu lwabasebenzisi ngo-Agasti ka-2021. Ekubeni abaqhubi be I-OpenSubtitles ayizange iphendule kwiimfuno zentlawulelo, idatha yofikelelo ngoku iyavela kwi-Intanethi. Ngokutsho kweqela, i-database yomsebenzisi iquka ngaphezulu kwe-6,7 yezigidi zamangenelo.
Ipakethe evuzayo iqulethe iidilesi ze-imeyile, ii-IP, amagama abasebenzisi, amazwe asuka kuwo abasebenzisi, kunye namagama ayimfihlo ngendlela ye-MD5 hash. Iqela liyavuma ukuba kuncinci okwenziwe ukuqinisa ukhuseleko kwiminyaka yamuva, eyavumela umhlaseli ukuba enze inaliti ye-SQL emva kokuphazamisa igama eliyimfihlo lomlawuli omkhulu.
“Ngo-Agasti ka-2021, safumana umyalezo kwiTelegram ovela kumgebenga, owasibonisa ukuba ukwazile ukufikelela kwitafile yomsebenzisi opensubtitles.org kwaye wakhuphela i-SQL yokulahla (ikopi yedatha eluhlaza). Wafuna intlawulelo kwi-bitcoins ngenxa yokungavezi oku kuluntu kwaye wathembisa ukucima idatha. Asizange samkele, kuba yayingeyomali incinci. Usixelele ukuba ndingafikelela njani kwaye usincede silungise impazamo. "Ngobuchule, wakwazi ukuqhekeza igama eliyimfihlo likaSuperAdmin," iposi yeqela ifundeka.
"Ndandikwazi ukufikelela kwiskripthi esingakhuselekanga, esasifumaneka kuphela kwi-SuperAdmins. "Esi script samvumela ukuba enze iinaliti zeSQL kwaye akhuphe idatha," satsho isithuba. Ngelixa akukho nanye yedatha egqekeziweyo evuzayo ngo-Agasti ophelileyo, nge-11 kaJanuwari 2022, i-OpenSubtitles ifumene enye imbalelwano evela “kumnikeli we-hacker yokuqala” owenza izicelo ezifanayo. I-hacker yokuqala ayinakuqhagamshelwa ngoncedo, kwaye nge-15 kaJanuwari, indawo yafunda ukuba idatha ikhutshwe kwi-intanethi ngosuku olungaphambili.
Le projekthi "Ngaba ndikhe ndabanjwa?" irekhode idatha kwaye yongeza kwisiseko sedatha khangela zonke iinkcukacha zoluntu ezivuzayo. Oku kuvumela abasebenzisi ukuba bajonge ukuba idilesi ye-imeyile okanye igama eliyimfihlo lichaphazelekile.
I-OpenSubtitles ithe i Ulwazi lwekhadi lokuthenga ngetyala aluzange luchaphazeleke.
"I-hacker inokufumana ukufikelela kwiiakhawunti zabasebenzisi. Ngoko unokukhuphela imibhalo engezantsi njalo njalo, kodwa awukhange ube nokufikelela kwikhadi letyala okanye enye idatha; ezo zigcinwe ngaphandle kweqonga lethu, utshilo umphathi wendawo, "OSS."
I-OpenSubtitles ichaza i-hack "njengesifundo esinzima", eqonda iziphene kukhuseleko lwayo. Ke, i-OpenSubtitles sele iphucule ukhuseleko lwayo ngokwenza utshintsho oluthile phantsi kwe-hood.
"Isiza sigcine amagama ayimfihlo kwi-md5 () hashes engaxutywanga, eyatshintshwa yi-hash_hmac enetyuwa kunye ne-SHA-256," kusho i-OSS. Ukongeza, i-OpenSubtitles iphinde yazisa umgaqo-nkqubo omtsha wegama eliyimfihlo, ukuvalwa kweakhawunti emva kokungaphumeleli kwemizamo yokungena, i-captcha ekusetweni kwakhona kwephasiwedi, iphepha lokungena kunye nezinye iindawo.
Esona sisongelo sikhawulezileyo kubasebenzisi abasebenzise idilesi ye-imeyile efanayo kunye ne-password indibaniselwano kwezinye iisayithi. Umhlaseli ngoko unokufikelela kwiiakhawunti zomntu wesithathu. Ngokukwanjalo, inokuba yingxaki kubasebenzisi be-OpenSubtitles abahlala rhoqo kwiiphothali ezineziqinisekiso ezifanayo.
Yiyo loo nto ukuba abanye abafundi bethu bandwendwela rhoqo, kuyacetyiswa ukuba batshintshe igama eliyimfihlo kwi-openSubtitles.org kunye ne-openSubtitles.com domains.
Umthombo: https://forum.opensubtitles.org/