A breach exposes user data from more than 3,400 websites

Once again, user data from at least 3,400 sites, including Fitbit, Uber and even 1Password, has been exposed, this time because of a security breach at Cloudflare, so changing passwords urgently is recommended.

User data from more than 3,400 websites was leaked to search engines as the result of a security bug in Cloudflare, a content delivery network used by thousands of websites. For months, sites such as Uber, Fitbit and the dating site OKCupid, among thousands of others, were affected. 1Password uses Cloudflare; however, the company claims that thanks to its end-to-end encryption, its customers' data was not exposed.

A security flaw that exposes the data of hundreds of thousands of users

The security and privacy of our personal data is something that concerns many people every day. A great deal of private information is stored in the "cloud", where anyone can access it, in most cases, simply by knowing our username and password. That is why the information published today matters so much, both qualitatively and in terms of the number of users it may affect.

According to a report published by ArsTechnica, Google security researcher Tavis Ormandy discovered that a security flaw in Cloudflare, a network used by millions of websites, allowed user data from more than 3,400 websites to be exposed and stored in search engine caches.

A service used by 5.5 million websites may have leaked passwords and authentication tokens.

A sample of the data Ormandy saw. This is a private message from the dating site OKCupid | Source: ArsTechnica

Among the affected websites are well-known companies such as Fitbit and Uber, as well as 1Password, which, however, has already stated that its users' data remained safe thanks to end-to-end encryption.

We saw encryption keys, cookies, passwords, chunks of POST data, and even HTTPS requests for other major Cloudflare-hosted sites from users. Once we understood what we were seeing and the implications, we immediately stopped and contacted Cloudflare security.

Cloudflare acknowledges the flaw, but may be downplaying its severity

Cloudflare has already acknowledged that the security problem did occur, but both Tavis Ormandy and other security researchers believe the company is underestimating the severity of the incident. In a post published on the company's blog under the title "Incident report on memory leak caused by Cloudflare parser bug", Cloudflare admitted that the flaw was serious, but also noted that there is no evidence that the bug was exploited.

The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not found any evidence of exploitation of the bug or other reports of its existence.

Ormandy was quick to respond to the company's statements, saying that the post Cloudflare published contains an excellent "postmortem" analysis but at the same time "downplays the risk to customers."

Changing passwords is recommended

Ryan Lackey, a well-known security researcher, agrees with Ormandy's assessment, stating that although the likelihood of passwords having been exposed is low, the risk exists, so users are encouraged to change them.

Google, Bing, Yahoo and other search engines have already purged the cached data, which is why the matter has now been made public, but ArsTechnica notes that some cached data still remains.

