雅虎数据失窃事件的教训
日期:2016-09-28 10:53

(单词翻译:单击)


Data theft may be an increasingly common occurrence on the internet.

互联网上的数据窃取事件越来越常见。

But even in these desensitised times, few breaches can match the one revealed by Yahoo on Thursday, when it announced the theft of personal information belonging to 500m users dating from 2014.

但即便是在人们对此类事件日益麻木的时代,也几乎没有哪起事件能比得上雅虎(Yahoo!)上周四披露的个人数据失窃事件。该公司上周四宣布,5亿用户自2014年以来的个人数据被窃。

The sheer scale of the infraction begs a host of questions about the company’s management and whether it took enough care of its customers’ personal data.

这么大规模的数据失窃引发一系列疑问,人们质疑该公司管理是否完善、其对客户个人数据的保管是否足够小心。

It also raises questions about public disclosure and issues over the future, or at least the price, of Yahoo’s $4.8bn sale to Verizon.

它还引发人们对另外两件事的疑问,一个是公开披露,另一个是雅虎以48亿美元将核心业务出售给Verizon的那笔交易的相关事宜——这笔交易未来命运如何、或者至少是还能否维持现在的价格。

In recent years, there has been a rising number of cyber breaches affecting companies and millions of users.

近年来,影响企业和数百万用户的网络入侵事件数量日益增多。

What is both striking and unnerving about the Yahoo case is that it went apparently undetected for two years.

雅虎事件令人感到震惊和不安的是,它似乎在两年的时间里都未被察觉。

The company’s claim that no high-value information such as credit card data were extracted is a cold comfort, and one that does nothing to excuse Yahoo for its failure to notice the cyber incursion.

该公司宣称,没有信用卡数据等高价值信息泄露。

Nor is it enough for the company to claim that the fact its attackers were state sponsored absolves them from spotting the tracks.

这不能提供多少慰藉,并且这种说法免除不了雅虎未能察觉网络入侵的责任。该公司宣称黑客得到政府的资助,这也不足以免除它未能发现入侵行为的责任。

The idea that the hackers were somehow invisible is anyway belied by Yahoo’s own account of how the breach was uncovered.

有人认为,黑客因这样或那样的原因是无法被察觉的。雅虎自己对这一入侵是如何被发现的所作的描述让这一说法不攻自破。

It instigated deeper security checks after a quantity of data popped up for sale for $1,800 on the so-called dark web and was reported by the technology publication, Vice Motherboard.

在所谓暗网上突然冒出大量以1800美元的价格出售的数据并被科技杂志《Vice Motherboard》报道之后,雅虎展开了更深层次的安全检查。

These procedures appear to have revealed the looting that the company now admits took place.

雅虎现在承认发生了的数据盗窃活动,似乎就是这些检查揭露出来的。

This sequence of events raises serious questions about Yahoo’s management and whether it took the security of its customer data sufficiently seriously.

这一系列事件令人严重质疑雅虎的管理以及该公司是否足够严肃地对待客户数据安全。

Before 2014, security experts claim the company was still using outdated and vulnerable encryption systems.

在2014年以前,安全专家宣称,雅虎仍在使用过时而且易遭受攻击的加密系统。

For a company which then had 1bn users on its network, this suggests an uncomfortably lax security culture.

对一家当时有10亿用户的公司来说,这暗示该公司的安全风气松懈得令人不安。

Given the scale and wealth of the Yahoo organisation, lack of resources cannot be seen in any way as an excuse.

鉴于雅虎组织庞大的规模和财富,它无论如何都不能把缺乏人力或物力作为借口。

No less concerning is the company’s behaviour in the wake of the discovery of the breach.

同样令人担心的是该公司在发现黑客入侵之后的行为。

Marissa Mayer, its chief executive, was made aware in July that a breach was being investigated but it is unclear precisely when Yahoo became aware of the scale of the problem.

雅虎首席执行官玛丽萨•迈耶(Marissa Mayer)在今年7月被告知,雅虎正在调查一起黑客入侵事件,但目前并不清楚,雅虎是何时知晓问题的严重程度的。

In early September, however, the company declared in a securities filing that it had no knowledge of any incidents of security breaches, unauthorised access or unauthorised use of its systems.

然而,今年9月初,该公司在一份证券备案文件中宣布,它不知道存在任何(这样的)事件,即其系统的安全屏障被攻破、(系统)被未授权访问或使用。

Its merger partner Verizon will no doubt be interested to learn more about what exactly the company knew when it delivered those words.

正与雅虎商谈合并事宜的合作伙伴Verizon肯定有兴趣进一步了解,雅虎在发表上述言论时到底了解多少信息。

This week’s disclosures do little for Yahoo’s already diminished reputation.

上周披露的事件对雅虎已经下滑的声誉毫无帮助。

Its future must now be in jeopardy, as could the Verizon deal.

雅虎的前景现在肯定面临危险,与Verizon的交易可能也是如此。

But the repercussions may well go beyond Yahoo.

然而,该事件的影响范围很可能远远超越雅虎。

With many users having the same passwords on multiple platforms, consumers are justifiably worried that the data breach might lead to their accounts at other sites being compromised.

很多用户在多个平台的密码相同,消费者有理由担心,此次数据泄露可能导致他们在其他网站的帐户受到连累。

If a company whose business is at the very heart of the world wide web has insufficient security, what other sites and services may be similarly vulnerable.

如果一家其业务处于万维网最核心位置的公司都不能提供足够的安全保障,那么其他网站和服务可能也容易受到攻击。

Regulators need to stress both the importance of vigilance and of the speed with which companies disclose breaches so that systemic weaknesses can be avoided.

监管机构需要强调企业保持警惕以及及时披露数据泄露事件的重要性,这样才能避免系统性薄弱。

Officials in the UK and Ireland, where Yahoo has its European headquarters, have already asked the US technology group to supply more details about the cyber attack.

英国和爱尔兰的官员已要求这家美国科技集团提供此次黑客攻击的更多细节。雅虎的欧洲总部设在爱尔兰。

Yahoo is the victim of a serious crime.

雅虎是一桩严重罪行的受害者。

But the lessons will go far beyond the company.

但这一事件带来的教训要远远超越该公司。

分享到