导读:雅虎公司已经证实,有黑客窃取了至少5亿用户的账户数据。
Yahoo has confirmed that hackers stole information from at least 500 million user accounts in what it describes as a “state-sponsored” attack.
雅虎公司已经证实,有黑客通过“国家支持的”攻击行为,窃取了至少5亿用户的账户数据。
In a statement released Thursday, Yahoo’s Chief Information Security Officer Bob Lord said that the information was stolen from the company’s network in late 2014. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” he said.
在周四发表的一份声明中,雅虎首席信息安全官鲍勃·罗德表示,这些信息是2014年末从公司服务器内窃取的。“账户信息可能包括姓名、电子邮件地址、电话号码、出生日期或者散列加密的密码(绝大多数利用bcrypt达到),在一些情况下,还有可能是加密或者未加密的安全问题和答案。”他说。
However, an ongoing investigation into the hack suggests that stolen information did not include unprotected passwords, payment card data, or bank account information, according to Lord. Payment card data and bank account information are not stored in the affected system, he added.
但是,据罗德所说,对这次黑客攻击行为的调查显示,被窃取的信息并不包括不受保护的密码、银行卡支付信息或者银行账户信息。他补充说,银行卡支付信息和银行账户信息并不存储在受影响的系统内。
The investigation has found that the attacker is no longer in Yahoo’s network. The internet giant said that it is working with law enforcement.
调查发现,攻击者并不在雅虎的网络中。这家互联网巨头表示,正在和执法机关合作。
Yahoo is notifying potentially affected users and asking them to promptly change their passwords.
雅虎通知可能受影响的用户,请他们立即修改密码。
Early on Thursday Recode reported that Yahoo was set to confirm a major data breach impacting hundreds of millions of users.
周四早些时候,Recode报道雅虎坐实了上亿用户的大量数据被泄露的事情。
Shuman Ghosemajumder, Chief Technology Officer of Shape Security, warns that the shockwaves from the breach could be felt far beyond Yahoo. “Most stories will focus on Yahoo users, but the damage there appears to have been done months ago, and Yahoo will simply reset all their passwords so no further damage can be done,” he said, in a statement emailed to FoxNews.com. “The real issue now is that these passwords will be used to breach thousands of other websites unrelated to Yahoo.”
互联网安全公司Shape Security首席技术官舒曼?格斯梅杰姆德警告称,数据泄露的后续影响可能很久之后才会被雅虎察觉。“很多报道都会关注雅虎的用户,但是现在这些损失似乎已经造成几个月了,而雅虎只是重设了所有的密码,以为这样就不会有后续的损失了。”他在一份给福克斯新闻的声明中说,“现在真正的问题是,这些密码可能会用来黑进上千个与雅虎无关的网站。”
Cybercriminals, he explained, could use advanced automated tools to discover where users have used those same passwords on other sites.
他解释说,网络罪犯可能会利用先进的自动化工具来寻找用户还在哪些网站使用了相同的密码。
The breach could also impact Yahoo’s $4.8 billion sale of its core business to Verizon. "Merger and acquisition deals always carry some level of risk - companies inherit each other’s problems such as pending lawsuits, poorly manufactured products or regulatory violations," explained Steven Grossman, VP of strategy and enablement for cyber security specialist Bay Dynamics, in an email to FoxNews.com. "Cyber-related problems are also on that list, yet, even as more companies continue to fall victim to data breaches, cyber risk is not as high a priority as it should be."
这起数据泄露事件可能会影响雅虎和威瑞森通讯之间48亿美元的并购案。“收购与合并总是伴随着一定的风险的。”互联网安全公司Bay Dynamics战略与执行副总裁斯蒂芬·格罗斯曼在给福克斯新闻的一封电子邮件中说,“互联网问题总是榜上有名,但是越来越多的公司却总是让用户的数据遭到泄露,网络风险没有得到它应该有的优先级关注。”