{"id":4261,"date":"2017-10-16T12:25:43","date_gmt":"2017-10-16T09:25:43","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4261"},"modified":"2020-05-14T13:55:58","modified_gmt":"2020-05-14T10:55:58","slug":"data-leaks-2017","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/data-leaks-2017\/4261\/","title":{"rendered":"The 5 biggest data leaks of 2017 so far"},"content":{"rendered":"<p>Personal data leaks happen every day. Some make the news, while others go completely unnoticed. So far this year, 163 million user records have been compromised in the United States alone (according to data from the Identity Theft Resource Center). That figure is four times the total number of user records compromised during <a href=\"http:\/\/www.idtheftcenter.org\/images\/breach\/2016\/DataBreachReport_2016.pdf\" target=\"_blank\" rel=\"noopener nofollow\">last year<\/a>.<\/p>\n<p>The year is not over yet, but we did not want to wait to tell you about the five biggest leaks recorded since the beginning of 2017, or more precisely in its first three quarters. Since we are talking about the biggest leaks, the list really should have started with Yahoo and its 3 billion leaked accounts. However, that leak took place in 2013. In addition, news about the scope of the leak did not reach the press until October, that is, the fourth quarter of the year. 
And what did reach the press consisted only of new developments about an already known security breach.<\/p>\n<h2><a href=\"https:\/\/threatpost.com\/micro-market-vendor-warns-of-bankcard-and-biometric-data-breach\/126742\/\" target=\"_blank\" rel=\"noopener nofollow\">5. Avanti Markets \u2014 1.6 million accounts<\/a><\/h2>\n<p>You may never have heard of Avanti, but your workplace probably has. You may even have bought a snack from one of its vending machines. The company, which supplies snack solutions for corporate cafeterias, announced in July that malware had been found on some of its payment terminals. The attackers had managed to infect some machines with fairly sophisticated malware designed specifically to steal credit card numbers, expiration dates and CVV numbers. How they got this software onto the devices is not yet clear. However, because some terminals have fingerprint sensors, the attackers even managed to reach customers' biometric data. Differences in kiosk configuration prevented the attackers from taking over the entire network. For the same reason, though, the company could not calculate the damage precisely and announced that at least 1.6 million accounts had been compromised.<\/p>\n<h2><a href=\"https:\/\/threatpost.com\/vendor-exposes-backup-of-chicago-voter-roll-via-aws-bucket\/127538\/\" target=\"_blank\" rel=\"noopener nofollow\">4. 
Election Systems &amp; Software \u2013 1.8 million accounts<\/a><\/h2>\n<p>In August, IT experts discovered an open Amazon Web Services (AWS) cloud storage bucket. It contained a backup copy of data belonging to Election Systems &amp; Software (ES&amp;S), a company that makes voting machines and election management systems. The data covered 2 million accounts containing the names, addresses, dates of birth and party affiliations of people living in Illinois. Normally, AWS buckets can be accessed only after authentication. For some unknown reason, however, this bucket was misconfigured and the data became publicly accessible. It is impossible to know whether anyone else noticed the bucket before the experts did. Nevertheless, the information of 1.8 million people was exposed to the public, and that fits the definition of a leak exactly.<\/p>\n<h2><a href=\"https:\/\/www.scmagazine.com\/millions-of-dow-jones-customer-records-exposed-due-an-internal-error\/article\/675843\/\" target=\"_blank\" rel=\"noopener nofollow\">3. Dow Jones &amp; Company \u2014 2.2 million accounts<\/a><\/h2>\n<p>The Dow Jones incident closely resembles the previous example in that it involves an AWS bucket containing a data archive. The problem again lay in the bucket's settings, but this time the data was open not to everyone, only to AWS users. The incident put at risk the personal and financial information of millions of people who subscribe to newspapers and magazines such as the Wall Street Journal and Barron\u2019s, which are published by one of the world's largest financial information services. 
It is not known whether cybercriminals managed to access the data before the bucket's settings were corrected.<\/p>\n<h2><a href=\"https:\/\/www.scmagazine.com\/breach-of-dol-jobs-database-a-threat-to-10-states-so-far\/article\/646023\/\" target=\"_blank\" rel=\"noopener nofollow\">2. America\u2019s Job Link Alliance \u2014 5.5 million accounts<\/a><\/h2>\n<p>A vulnerability in the web application software of a major online job search engine allowed an unidentified hacker to obtain the names, dates of birth and Social Security numbers of millions of users from 10 different states. In February, the hacker created an account in the system and used the flaw to gain access to more than 5.5 million accounts. The breach was noticed and closed two weeks later. In its official press release, America\u2019s Job Link Alliance explained the vulnerability by saying that the application, part of an October 2016 update, had been \u201cmisconfigured\u201d.<\/p>\n<h2><a href=\"https:\/\/www.kaspersky.com\/blog\/equifax-breach\/18467\/\" target=\"_blank\" rel=\"noopener nofollow\">1. Equifax \u2014 145.5 million accounts<\/a><\/h2>\n<p>The biggest incident of the year, however, was the data leak at Equifax. In September, company representatives admitted that hackers had accessed a database containing customers' names, Social Security numbers, dates of birth and addresses. 
The leak went on for more than a month, from mid-May to late July. To reach the data, the attackers used a vulnerability in the Apache Struts 2 framework. According to Equifax's initial assessment, the attack covered the data of 143 million people, but the company later revised that figure to 145.5 million. As a result of the attack, along with much other important data, 209,000 credit card numbers and documents containing the personal data of 182,000 people were stolen. The vulnerability that led to the leak had been patched in March by Oracle (the developer of Apache Struts). Yet it turned out that Equifax, one of the largest credit reporting companies in the US, had still not installed the updates two months after that patch was released.<\/p>\n<p>We can draw the following lesson from these five data leaks: in at least four of them (the cause of the first case is not yet known), the leak was entirely preventable. In the Election Systems &amp; Software and Dow Jones &amp; Company incidents, information was left unprotected as a result of faulty system configuration. America\u2019s Job Link Alliance was harmed by a previously known vulnerability in a web application. In the Equifax case, the issue was not a vulnerability but negligence in applying updates. 
Had the patch been installed in time, the vulnerability could have been closed before it was exploited. In short, all of these leaks could have been prevented by a timely audit of the IT infrastructure. It follows that such an audit should be carried out regularly at every company, small or large.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>Personal data leaks happen every day. Some make the news, while others go completely unnoticed. So far this year, 163 million user records have been compromised in the United States alone (according to data from the Identity Theft Resource Center). That figure is four times the total number of user records compromised during 
last year.<\/p>\n","protected":false},"author":2484,"featured_media":4262,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[1386,686,851,848],"class_list":{"0":"post-4261","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-guvenlik-cozumu","10":"tag-kisisel-veri","11":"tag-sizinti","12":"tag-veri-sizintisi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/data-leaks-2017\/4261\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/data-leaks-2017\/11574\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/data-leaks-2017\/14572\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/data-leaks-2017\/14319\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/data-leaks-2017\/18993\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/data-leaks-2017\/19723\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/data-leaks-2017\/8320\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/data-leaks-2017\/18442\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/veri-sizintisi\/","name":"veri 
s\u0131z\u0131nt\u0131s\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4261"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4261\/revisions"}],"predecessor-version":[{"id":8323,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4261\/revisions\/8323"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/4262"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}