25GB of Shopify Data Found Leaked

Tyler Cross


Published on: March 28, 2024

Shaara, a company that develops Shopify plugins, had a data leak that went undetected for over eight months.

According to the researchers who discovered the data, it is likely that hackers accessed it at least once, because they found a ransom note in the data demanding roughly $640 in Bitcoin.

In total, the leak contains over 25 GB of data stored in Shaara's MongoDB database, which was publicly accessible for over eight months. The unencrypted data contains over 7.6 million individual orders as well as personal information on customers.

Anyone was free to view customers' email addresses, full names, phone numbers, IP addresses, home addresses, order and order-tracking information, and payment information.

After realizing that Shaara was unaware of the breach, the cybersecurity researchers contacted the company's chief executive, informing them of the breach and requesting comment. While the company closed the hole immediately, the chief executive claimed that the leak did not contain sensitive customer data.

The leak highlights a larger problem with the cybersecurity practices surrounding Shopify. Security audits often fail to detect insecure infrastructure flaws, leading numerous companies like Shaara to expose sensitive customer data.

Other data leaks found through Shopify plugins include Tribe Concepts, Mesmerize India, Snitch, Bliss Club, By Invite Only, and Binky Boo, all of which had major data leaks. Some of these companies had full payment details exposed.

Each of the companies was asked for comment, but they have yet to respond.

The researchers point out that this problem is not caused by sophisticated hackers using cutting-edge techniques, but by companies failing to meet basic cybersecurity standards. Even basic encryption software would keep customer data safe in the event of a leak, with simple and accessible solutions such as AES 256-bit encryption, which has never been cracked.
