0条Plus

领英5亿用户资料遭泄露，已被拿到网上出售

JONATHAN VANIAN 2021-04-12

尽管被泄露的领英资料集不包括信用卡资料或社会保障号等敏感信息，但确实包含可能有利于作恶者进行其他复杂攻击的信息。

继脸书（Facebook）之后，超5亿领英（LinkedIn）用户资料又被黑客拿到网上出售，这是上周公布的第二起重大网络安全事件。

据安全新闻和研究机构CyberNews称，被泄露的大量领英用户资料包括用户ID、全名、电子邮件地址、电话号码、职务以及其他相关工作资料。

CyberNews分析师在一个黑客论坛上发现了大量被泄露的资料集，并能够证实这些资料为领英用户的账户资料。但这些资料有多旧，以及作恶者是如何获得这些资料的，目前尚不清楚。

领英在一份声明中称，虽然该资料集包含一些“可公开浏览的会员资料”，但“实际上都是来自一些网站和公司的汇总资料”，也就是说，作恶者用从多个平台搜集的资料创建了该资料集。

领英表示，其并未因黑客侵入公司内部资料库窃取资料而发生资料泄露。相反，作恶者是从领英对外开放的服务中窃取的资料，与脸书近期发生的网络安全事件一样。

“任何滥用领英会员资料的行为，例如搜集资料，均违反了领英的服务条款，”领英在一份声明中表示。“若任何人未经领英及领英会员同意试图获取并使用会员资料，我们会竭力阻止他们，并追究他们的责任。”

尽管被泄露的领英资料集不包括信用卡资料或社会保障号等敏感信息，但确实包含可能有利于作恶者进行其他复杂攻击的信息。例如，黑客可以利用电子邮件地址和电话号码等信息进行更加让人信服的网络钓鱼攻击，即向人们发送看似真实但却包含恶意网站链接的虚假电子邮件。

人们可以访问一些列出重大资料泄露事件的网站，如“Have I Been Pwned（HIBP）”，以便了解其是否受到资料泄露事件影响。

本周早些时候，一位安全研究人员透露，超5亿脸书用户资料遭泄露并被拿到网上出售。这些资料包括用户全名、电子邮件地址、电话号码和位置信息。（财富中文网）

翻译：郝秀

审校：汪皓

继脸书（Facebook）之后，超5亿领英（LinkedIn）用户资料又被黑客拿到网上出售，这是上周公布的第二起重大网络安全事件。

据安全新闻和研究机构CyberNews称，被泄露的大量领英用户资料包括用户ID、全名、电子邮件地址、电话号码、职务以及其他相关工作资料。

人们可以访问一些列出重大资料泄露事件的网站，如“Have I Been Pwned（HIBP）”，以便了解其是否受到资料泄露事件影响。

翻译：郝秀

审校：汪皓

Data from over 500 million LinkedIn users is being sold online to hackers, marking the second major cybersecurity incident to be revealed in the past week, following news of a similar occurrence involving Facebook.

The trove of scraped LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, according to security news and research group CyberNews.

CyberNews analysts discovered the scraped data set on an online forum for hackers and were able to verify that the data was associated with LinkedIn user accounts. It’s unclear how old the data is, however, and how the bad actors obtained it.

LinkedIn said in a statement that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies,” meaning that bad actors created the data set with information from multiple services.

The service, owned by Microsoft, said that it did not suffer a data breach involving hackers penetrating the company’s internal databases to siphon information. Instead, the bad actors scraped the data from LinkedIn’s public-facing service, similar to a recent cybersecurity incident at Facebook.

“Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service,” LinkedIn said in a statement. “When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”

Although the scraped LinkedIn data set doesn’t include sensitive information like credit card information or Social Security numbers, it does include data that could help bad actors perform other sophisticated hacking attempts. For instance, hackers could use data like email addresses and phone numbers to conduct more convincing phishing attacks, in which they send people bogus emails that look real but contain links to malicious websites.

People can see if they have been impacted by the data incident by visiting websites like Have I Been Pwned (HIBP), which list major data breaches.

Earlier this week, a security researcher revealed that data from over half a billion Facebook users was scraped and put online. That data included full names, email addresses, phone numbers, and location information.

精选评论

撰写或查看更多评论, 请打开财富Plus APP

热读文章

热门视频

500强行业分布