魅力人士專屬社交網站Beautiful People信息泄露
Data stolen from a dating website aimed at "beautiful people only" has been traded online.
近日,一家僅針對“美麗人士”的約會網站的數據被泄密,並在網上進行販賣。The details of more than a million members including their weight, height, job, and phone numbers were discovered unencrypted online in December 2015. They have now been sold on the black market, said security expert Troy Hunt.
2015年12月,共有超過一百萬人的體重、身高、工作還有電話號碼這種細節信息沒有經過加密就泄露了出來。安全專家特洛伊·亨特表示,現在這些信息已在黑市中進行販賣。The firm said the data belonged to members who joined before July 2015 and that no passwords or financial information were included.
該公司宣稱,這些數據來源於2015年7月以前加入該網站的成員,不過其中並不包含任何密碼和財務信息。
Security researcher Chris Vickery, who originally discovered it, told the BBC the firm acted quickly after he notified them - but by then, data had already been sold on.
網絡安全研究人員克里斯·維克裏最先發現了這個問題。他告訴BBC,當他通知該公司後,他們應對非常迅速。但那時數據已經開始進行交易了。Beautiful People originally claimed the content was from a test server but Mr Vickery said the data itself was still genuine. "Whether or not it's in the test database makes no difference if it's real data," he added.
魅力人士網站最初聲稱這些內容來源於一個測試服務器,但維克裏表示,不管怎樣,這些數據都是真實的。“如果這些是真實資料,它們是不是在測試數據庫中並沒有什麼區別。”他補充說道。It also transpired that a second researcher had identified the same weakness on the same day.
據悉,另一位網絡安全研究員在當天也發現了同樣的漏洞。"Now it's public, cybercriminals have the opportunity to use this information to steal personal identities or more," said David Emm, principal security researcher at Kaspersky Lab. "Unfortunately, once a breach of this nature has been made, there is not much that can be done."
卡巴斯基實驗室首席網絡安全研究員大衛·埃姆表示:“現在這些信息是公開的,網絡罪犯有機會利用這些信息盜取個人身份甚至更多內容。不幸的是,一旦產生這種性質的漏洞,就已經無法挽回了。”Cybercriminals use the genuine identities to synthesise new ones, and they tend to act within a month of receiving stolen data, said John Lord, managing director at identity data intelligence firm GBG.
身份數據情報公司GBG總經理約翰·洛德表示,網絡罪犯利用真實身份合成新身份,而且通常在獲取數據一個月以內採取行動。"Organisations need to take action and use more data, analytical insights and triangulation of multiple-identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them," he said.
“相關組織需要行動起來,使用更多數據、運用分析見解以及多元化身份認證技術三角測量法來將身份盜竊對用戶和服務商的影響降到最低。”他說。
