>> I want to run down some of the more noteworthy data breaches that were brought to light over the past few years with some interesting tidbits on each.
One of the main things to focus on here is how many customers lost their confidentiality.
Announced in 2013, Target, 70 million customers affected.
The breach started when credentials from their HVAC company were stolen.
Announced in 2014, Chase, 83 million customers affected.
The breach started because JP Morgan's security team didn't upgrade a server with two-factor authentication.
Home Depot, 56 million customers affected.
Like Target, the breach started from credentials stolen from a third-party vendor.
Unpatched Windows systems were also directly in the mix.
Sony, confidential data from Sony Pictures, including personal information of employees and their families, corporate emails, salary information, and unreleased films were released.
Sony was ordered to pull the film The Interview, which had a plot to assassinate North Korea's Kim Jong Un.
Announced in 2015, OPM, the Office of Personnel Management, 25 million users affected.
Security clearance information, as well as fingerprints were stolen.
Secret agents, even if they changed their names, were now no longer safe.
Ashley Madison, 40 million users -- and I say it like that because it was revealed that most females were fake bots and not actual humans.
Major League Baseball's Houston Astros.
A front office executive went from the St. Louis Cardinals to the Houston Astros, changing jobs, and was required to turn in his laptop and password.
A Cardinals executive tried the former executive's old password on the computer systems in Houston, his new digs.
After mixing and matching with the old Cardinals' password, he got in.
Player rankings, confidential data, trade negotiation notes, and more were seen and subsequently dumped for all to see.
After the Astros reset their passwords, the Cardinals executive hacked the employee's email, getting the password reset email so he could continue his monitoring.
Kaspersky, a cybersecurity and antivirus provider.
LastPass, a password management service.
And Hacking Team, a company that sells hacking tools to governments and law enforcement.
All three of these entities were hacked themselves.
Healthcare providers were breached.
Excellus BCBS had 10.5 million affected customers.
Anthem, 78.8 million affected customers.
And Primera, 11 million affected customers.
You can change your password after a hack, but you can't change your healthcare information, which includes among other things your Social Security number, home address, and patient health history.
The Ukraine power grid was hacked and would be again the following year, 2016.
The first attacks started when workers clicked on an attachment, enabling macros in a Microsoft Word document.
Announced in 2016, the Society for Worldwide Interbank Financial Telecommunication, SWIFT, is a network through which financial institutions can send and receive financial transaction information.
They were hacked.
The plot was actually uncovered when the hackers misspelled the word foundation.
Hacks on MySpace, the biggest hack ever at that point in time, exposed information on 427 million users.
The dump of user information from hacks on Gmail, Yahoo!, and Hotmail totals 273 million users.
LinkedIn, 117 million users.
Oh, you might be thinking, "MySpace, who cares," right?
Wrong, people have a habit of reusing passwords.
Hackers don't care about your old MySpace account, they care about the password which you might be reusing for your bank website today.
How many old accounts do you not even remember about anymore?
How many of them have passwords that you're currently using on your active accounts?
Mark Zuckerberg, founder of Facebook, he himself was hacked in this very fashion.
His Twitter and Pinterest accounts were penetrated because his password for those accounts was the same as the one revealed in the LinkedIn breach.
The hackers can tie your email address, your user ID, and even your name from old accounts to new ones that you're actively using today.
So yes, the MySpace hack is very relevant today.
Oh, and don't reuse passwords ever.
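The password-reuse point above is what a defender can act on directly. The following is an added example, not part of the original transcript or any of the companies it mentions: it checks a candidate password against a breached-password corpus using a k-anonymity range query (the scheme Have I Been Pwned's Pwned Passwords API uses, where only the first five hex characters of the SHA-1 hash leave the client), and against a salted history of the account's own previous passwords. The corpus entries and counts are constructed for the example; `range_lookup`, `breach_count`, `PasswordHistory` and `evaluate_new_password` are names chosen here.

```python
import hashlib
import hmac
import os

# Constructed breach corpus for this example: SHA-1 hashes of a few passwords
# (hypothetical dump entries) mapped to how often each one was seen.
# A real deployment would use a breached-password dataset or lookup service.
_CONSTRUCTED_LEAKS = {
    "password": 3_861_493,
    "123456": 23_597_311,
    "letmein": 110_132,
    "qwerty": 3_912_816,
}
BREACH_CORPUS = {
    hashlib.sha1(pw.encode("utf-8")).hexdigest().upper(): n
    for pw, n in _CONSTRUCTED_LEAKS.items()
}


def range_lookup(prefix: str) -> dict:
    """Server side of a k-anonymity range query: the client sends only the
    first five hex characters of its SHA-1 hash and receives every matching
    (suffix -> count) pair. The server never sees the full hash or password."""
    prefix = prefix.upper()
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly five hex characters")
    return {h[5:]: n for h, n in BREACH_CORPUS.items() if h.startswith(prefix)}


def breach_count(password: str, lookup=range_lookup) -> int:
    """Client side: hash locally, query by prefix, match the suffix locally.
    Returns how many times the password appeared in the corpus (0 if never)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return lookup(digest[:5]).get(digest[5:], 0)


class PasswordHistory:
    """Salted PBKDF2 digests of an account's past passwords, so a rotation can
    refuse a password the user already had without storing old passwords in
    clear. Lower the iteration count only for tests; keep it high in production."""

    def __init__(self, iterations: int = 100_000):
        self._iterations = iterations
        self._entries = []  # list of (salt, digest)

    def _digest(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, self._iterations
        )

    def remember(self, password: str) -> None:
        salt = os.urandom(16)  # fresh salt per entry defeats cross-entry matching
        self._entries.append((salt, self._digest(password, salt)))

    def was_used(self, password: str) -> bool:
        # Constant-time comparison against every stored digest.
        return any(
            hmac.compare_digest(self._digest(password, salt), digest)
            for salt, digest in self._entries
        )


def evaluate_new_password(password: str, history: PasswordHistory) -> list:
    """Return the reasons a candidate password should be rejected; an empty
    list means it passed both the breach-corpus and the reuse check."""
    reasons = []
    seen = breach_count(password)
    if seen:
        reasons.append(f"appears {seen} times in breached-password corpus")
    if history.was_used(password):
        reasons.append("reuses one of this account's previous passwords")
    return reasons


if __name__ == "__main__":
    history = PasswordHistory(iterations=10_000)
    history.remember("correct horse battery staple")
    for candidate in ("123456", "correct horse battery staple", "ts9!Wq-plain-unique"):
        print(candidate, "->", evaluate_new_password(candidate, history) or "ok")
```

The breach check only tells you a password is already in attackers' wordlists; it cannot see whether the user has the same password on another site, which is exactly the gap the transcript is warning about. The history check closes the within-account half of that gap, and a password manager with unique per-site passwords is what closes the rest.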
Related to the recent United States presidential election, the Democratic National Committee, the Democratic Fundraising Committee, the Clinton Campaign, and Hillary Clinton's email server were all in the news for being hacked.
Yahoo! announced that 500 million users were hacked and later announced a separate hack had stolen the information related to 1 billion users, taking away the uncoveted number one spot from MySpace, ranking it as the greatest data breach of all time.
What all these hacks do have in common is, number one, the financial repercussions to clean up these messes were in the tens of millions of dollars or more.
And number two, most of the disclosures were multiple years after the actual hacks, which means the attackers were in, watching, observing, and collecting information for long periods of time undetected.
Reposted from: https://www.cnblogs.com/sec875/articles/10260826.html