{"id":106795,"date":"2023-07-04T14:06:00","date_gmt":"2023-07-04T14:06:00","guid":{"rendered":"https:\/\/fr.cryptonews.com\/?p=118666"},"modified":"2023-07-04T17:30:37","modified_gmt":"2023-07-04T17:30:37","slug":"huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs","status":"publish","type":"post","link":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/","title":{"rendered":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs"},"content":{"rendered":"<figure class=\"image\"><img decoding=\"async\" src=\"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg\" srcset=\"https:\/\/cimg.co\/news\/118666\/316142\/responsive-images\/huobi-faille-utilisateur___media_library_original_1260_630.jpeg 1260w, https:\/\/cimg.co\/news\/118666\/316142\/responsive-images\/huobi-faille-utilisateur___media_library_original_1200_600.jpeg 1200w, https:\/\/cimg.co\/news\/118666\/316142\/responsive-images\/huobi-faille-utilisateur___media_library_original_900_450.jpeg 900w, https:\/\/cimg.co\/news\/118666\/316142\/responsive-images\/huobi-faille-utilisateur___media_library_original_720_360.jpeg 720w, https:\/\/cimg.co\/news\/118666\/316142\/responsive-images\/huobi-faille-utilisateur___media_library_original_600_300.jpeg 600w, https:\/\/cimg.co\/news\/118666\/316142\/responsive-images\/huobi-faille-utilisateur___media_library_original_300_150.jpeg 300w\" width=\"1260\" class=\"content-img\" alt=\"\"><\/figure><p>La plateforme d&#8217;&eacute;change majeure de crypto-monnaies <strong>Huobi a r&eacute;solu discr&egrave;tement une &eacute;norme vuln&eacute;rabilit&eacute; qui aurait expos&eacute; les avoirs des utilisateurs pendant deux ans.<\/strong><\/p><p>Selon le pirate informatique &eacute;thique et chercheur Aaron Phillips, <strong>Huobi a accidentellement publi&eacute; un fichier contenant des identifiants Amazon Web Services (AWS) en juin 2021<\/strong>, ce qui a entra&icirc;n&eacute; la fuite des informations de contact et de compte de 4 960 &#8220;whales&#8221; ainsi que des documents internes. Cette violation de donn&eacute;es aurait pu &ecirc;tre <strong>&#8220;le plus grand vol de crypto-monnaie de l&#8217;histoire&#8221;<\/strong> si elle avait &eacute;t&eacute; exploit&eacute;e par un attaquant, a &eacute;crit Phillips sur son <a href=\"https:\/\/phillips.technology\/blog\/huobi-crypto-aws\/\">blog<\/a>.<\/p><blockquote><p>&#8220;N&#8217;importe qui aurait pu utiliser les identifiants pour modifier le contenu des domaines huobi.com et hbfile.net, entre autres&#8221;<\/p><p>&#8220;J&#8217;avais un contr&ocirc;le total sur les donn&eacute;es de presque tous les aspects de l&#8217;activit&eacute; de Huobi.&#8221;<\/p><p>Philipps<\/p><\/blockquote><p><strong>Phillips a inform&eacute; Huobi de la fuite en juin 2022<\/strong>, et il a fallu <strong>cinq mois pour que l&#8217;&eacute;change r&eacute;ponde &agrave; la fuite avant de r&eacute;voquer les identifiants en juin 2023. <\/strong>L&#8217;aspect le plus &#8220;dangereux&#8221; de la violation concernait <strong>l&#8217;acc&egrave;s aux privil&egrave;ges d&#8217;&eacute;criture des r&eacute;seaux de diffusion de contenu (CDN) et des sites web de Huobi.<\/strong><\/p><blockquote><p>&#8220;Une fois qu&#8217;un attaquant peut &eacute;crire sur un CDN, il est trivial de trouver une opportunit&eacute; pour injecter des scripts malveillants. Et une fois qu&#8217;un CDN est compromis, tous les sites qui y sont li&eacute;s sont &eacute;galement potentiellement compromis.&#8221;<\/p><\/blockquote><p><a href=\"https:\/\/cryptonews.com\/search\/?q=huobi\"><strong>Huobi<\/strong><\/a><strong> a finalement supprim&eacute; le compte compromis, s&eacute;curisant ainsi son stockage &agrave; froid le 20 juin. <\/strong>Phillips a &eacute;galement affirm&eacute; que la fuite de Huobi avait <strong>expos&eacute; une base de donn&eacute;es de transactions de gr&eacute; &agrave; gr&eacute; (OTC) depuis 2017.<\/strong> La base de donn&eacute;es contenait des d&eacute;tails sur les comptes des utilisateurs, les d&eacute;tails des transactions et les adresses IP des traders dans un fichier t&eacute;l&eacute;chargeable de 2 To. De plus, <strong>la violation a r&eacute;v&eacute;l&eacute; le fonctionnement interne de l&#8217;infrastructure de production de Huobi et a permis d&#8217;acc&eacute;der &agrave; la modification des fichiers JSON du projet NFT de l&#8217;entreprise, Utopo.<\/strong><\/p><h2 style=\"text-align:justify;\">Huobi maintient que la br&egrave;che &laquo;&nbsp;n&rsquo;&eacute;tait pas si grave&nbsp;&raquo;<\/h2><span class=\"replacer\"><\/span><p style=\"text-align:justify;\">Dans une r&eacute;ponse dat&eacute;e du 1er juin, <strong>Huobi a d&eacute;clar&eacute; que la violation des donn&eacute;es de gr&eacute; &agrave; gr&eacute; mentionn&eacute;e par Phillips &eacute;tait &#8220;non r&eacute;elle, mais des donn&eacute;es de test&#8221;<\/strong>. Les fuites concernent les informations de seulement 4 000 utilisateurs.<\/p><figure class=\"media\"><oembed url=\"https:\/\/twitter.com\/WuBlockchain\/status\/1675009537722699776\"><\/oembed><\/figure><p>Selon la r&eacute;ponse de Huobi, <strong>la violation des donn&eacute;es s&#8217;est produite &#8220;en raison d&#8217;op&eacute;rations inappropri&eacute;es par du personnel li&eacute; au compartiment S3 dans l&#8217;environnement de test du site AWS de Huobi au Japon. <\/strong>Les informations d&#8217;utilisateur ont &eacute;t&eacute; compl&egrave;tement isol&eacute;es le 8 octobre 2022.&#8221;<\/p><p>L&#8217;&eacute;change a &eacute;galement <strong>ni&eacute; que la fuite concernerait des informations sensibles<\/strong> et n&#8217;affecte ni les comptes des utilisateurs ni la s&eacute;curit&eacute; des fonds.<\/p><p>Huobi n&#8217;a pas r&eacute;pondu imm&eacute;diatement &agrave; une demande de commentaire.<\/p>","protected":false},"excerpt":{"rendered":"<p>La plateforme d&#8217;&eacute;change majeure de crypto-monnaies Huobi a r&eacute;solu discr&egrave;tement une &eacute;norme vuln&eacute;rabilit&eacute; qui aurait expos&eacute; les avoirs des utilisateurs pendant deux ans.Selon le pirate informatique &eacute;thique et chercheur Aaron Phillips, Huobi a accidentellement publi&eacute; un fichier contenant des identifiants Amazon Web Services (AWS) en juin 2021, ce qui a entra&icirc;n&eacute; la fuite des informations [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9,1],"tags":[],"editors":[2103],"sponsored_companies":[],"class_list":["post-106795","post","type-post","status-publish","format-standard","hentry","category-blockchain-news","category-news","editors-sujha-sundararajan"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs<\/title>\n<meta name=\"description\" content=\"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs\" \/>\n<meta property=\"og:description\" content=\"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/\" \/>\n<meta property=\"og:site_name\" content=\"Cryptonews France\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-04T14:06:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-04T17:30:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs\" \/>\n<meta name=\"twitter:description\" content=\"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/cimg.co\/news\/118644\/316087\/pexels-markus-spiske-177598.jpg\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs","description":"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/","og_locale":"fr_FR","og_type":"article","og_title":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs","og_description":"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.","og_url":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/","og_site_name":"Cryptonews France","article_published_time":"2023-07-04T14:06:00+00:00","article_modified_time":"2023-07-04T17:30:37+00:00","og_image":[{"url":"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_title":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs","twitter_description":"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.","twitter_image":"https:\/\/cimg.co\/news\/118644\/316087\/pexels-markus-spiske-177598.jpg","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#article","isPartOf":{"@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/"},"author":{"name":"giedrius","@id":"https:\/\/cryptonews.com\/fr\/#\/schema\/person\/5d79e712f570715212460260f4f9cc0f"},"headline":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs","datePublished":"2023-07-04T14:06:00+00:00","dateModified":"2023-07-04T17:30:37+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/"},"wordCount":606,"publisher":{"@id":"https:\/\/cryptonews.com\/fr\/#organization"},"image":{"@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#primaryimage"},"thumbnailUrl":"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg","articleSection":["Actualit\u00e9s Blockchain","News"],"inLanguage":"fr-FR","copyrightYear":"2023","copyrightHolder":{"@id":"https:\/\/cryptonews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/","url":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/","name":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs","isPartOf":{"@id":"https:\/\/cryptonews.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#primaryimage"},"image":{"@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#primaryimage"},"thumbnailUrl":"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg","datePublished":"2023-07-04T14:06:00+00:00","dateModified":"2023-07-04T17:30:37+00:00","description":"Huobi a r\u00e9solu une \u00e9norme vuln\u00e9rabilit\u00e9 qui aurait expos\u00e9 les avoirs des utilisateurs.","breadcrumb":{"@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/"]}],"author":[]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#primaryimage","url":"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg","contentUrl":"https:\/\/cimg.co\/news\/118666\/316142\/huobi-faille-utilisateur.jpeg"},{"@type":"BreadcrumbList","@id":"https:\/\/cryptonews.com\/fr\/news\/huobi-crypto-exchange-resout-faille-fuite-informations-milliers-utilisateurs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptonews.com\/fr\/"},{"@type":"ListItem","position":2,"name":"L\u2019exchange Huobi r\u00e9sout la faille exposant les donn\u00e9es de milliers d\u2019utilisateurs"}]},{"@type":"WebSite","@id":"https:\/\/cryptonews.com\/fr\/#website","url":"https:\/\/cryptonews.com\/fr\/","name":"Cryptonews","description":"","publisher":{"@id":"https:\/\/cryptonews.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptonews.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/cryptonews.com\/fr\/#organization","name":"Cryptonews France","url":"https:\/\/cryptonews.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/cryptonews.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/cryptonews.com\/wp-content\/uploads\/sites\/3\/2023\/09\/4.jpg","contentUrl":"https:\/\/cryptonews.com\/wp-content\/uploads\/sites\/3\/2023\/09\/4.jpg","width":1669,"height":874,"caption":"Cryptonews France"},"image":{"@id":"https:\/\/cryptonews.com\/fr\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts\/106795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/comments?post=106795"}],"version-history":[{"count":0,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/posts\/106795\/revisions"}],"wp:attachment":[{"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/media?parent=106795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/categories?post=106795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/tags?post=106795"},{"taxonomy":"editors","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/editors?post=106795"},{"taxonomy":"sponsored_companies","embeddable":true,"href":"https:\/\/cryptonews.com\/fr\/wp-json\/wp\/v2\/sponsored_companies?post=106795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}