2023-02-24 [27013]


Data theft may be an increasingly common occurrence on the internet. But even in these desensitised times, few breaches can match the one revealed by Yahoo on Thursday, when it announced the theft of personal information belonging to 500m users dating from 2014.

The sheer scale of the infraction begs a host of questions about the company’s management and whether it took enough care of its customers’ personal data.

It also raises questions about public disclosure and issues over the future, or at least the price, of Yahoo’s $4.8bn sale to Verizon. In recent years, there has been a rising number of cyber breaches affecting companies and millions of users.

What is both striking and unnerving about the Yahoo case is that it went apparently undetected for two years. The company’s claim that no high-value information such as credit card data were extracted is a cold comfort, and one that does nothing to excuse Yahoo for its failure to notice the cyber incursion. Nor is it enough for the company to claim that the fact its attackers were state sponsored absolves them from spotting the tracks.


The idea that the hackers were somehow invisible is anyway belied by Yahoo’s own account of how the breach was uncovered.

It instigated deeper security checks after a quantity of data popped up for sale for $1,800 on the so-called dark web and was reported by the technology publication, Vice Motherboard. These procedures appear to have revealed the looting that the company now admits took place. This sequence of events raises serious questions about Yahoo’s management and whether it took the security of its customer data sufficiently seriously.


Before 2014, security experts claim the company was still using outdated and vulnerable encryption systems. For a company which then had 1bn users on its network, this suggests an uncomfortably lax security culture. Given the scale and wealth of the Yahoo organisation, lack of resources cannot be seen in any way as an excuse.

No less concerning is the company’s behaviour in the wake of the discovery of the breach. Marissa Mayer, its chief executive, was made aware in July that a breach was being investigated but it is unclear precisely when Yahoo became aware of the scale of the problem.

In early September, however, the company declared in a securities filing that it had no knowledge of any incidents of security breaches, unauthorised access or unauthorised use of its systems. Its merger partner Verizon will no doubt be interested to learn more about what exactly the company knew when it delivered those words. This week’s disclosures do little for Yahoo’s already diminished reputation.


Its future must now be in jeopardy, as could the Verizon deal. But the repercussions may well go beyond Yahoo. With many users having the same passwords on multiple platforms, consumers are justifiably worried that the data breach might lead to their accounts at other sites being compromised.

If a company whose business is at the very heart of the world wide web has insufficient security, what other sites and services may be similarly vulnerable? Regulators need to stress both the importance of vigilance and of the speed with which companies disclose breaches so that systemic weaknesses can be avoided. Officials in the UK and Ireland, where Yahoo has its European headquarters, have already asked the US technology group to supply more details about the cyber attack.

Yahoo is the victim of a serious crime. But the lessons will go far beyond the company.