Lồ lộ hết cả
công ty sản xuất 'khóa trinh tiết' có lỗi an ninh hệ thống và lộ hết email, mật khẩu, địa chỉ nhà riêng... của người dùng...
A company that makes a chastity device (khóa trinh tiết) for people with a penis (dương vật) that can be controlled by a partner over the internet exposed users’ email addresses, plaintext passwords, home addresses and IP addresses, and — in some cases — GPS coordinates, due to several flaws (sai sót) in its servers, according to a security researcher.
The researcher, who asked to remain anonymous (ẩn danh, giấu tên) because he wanted to separate (tách biệt) his professional life (cuộc sống nghề nghiệp) from the kink-related work he does, said he gained access to a database (hệ thống dữ liệu) containing records of more than 10,000 users, thanks to two vulnerabilities (lỗ hổng, điểm yếu). The researcher said he exploited the bugs (lỗi) to see what data he could get access to. He also reached out to the company on June 17 alerting them of the issues in an attempt to get them to fix the vulnerabilities and protect their users’ data (bảo vệ dữ liệu người dùng), according to a screenshot of the email he sent and shared with TechCrunch.
As of publication, the company has yet to fix the vulnerabilities and did not respond to repeated requests for comment from TechCrunch.
“Everything’s just too easy to exploit. And that’s irresponsible (vô trách nhiệm),” the researcher told TechCrunch. “So my best hope is that they will contact either you or me and fix everything.”
Because the vulnerabilities are not fixed, TechCrunch is not identifying the company in order to protect its users, whose data is still at risk (rủi ro).