Facebook泄露5億用戶數(shù)據(jù),,只因一個(gè)Bug?
Jonathan Vanian
2021-04-08
Facebook有超5億用戶數(shù)據(jù)遭泄露,電話號(hào)碼,、電郵地址等個(gè)人信息被黑客竊取。
上周末,,網(wǎng)絡(luò)犯罪情報(bào)公司Hudson Rock的首席技術(shù)官阿隆·加爾披露了這起數(shù)據(jù)泄露事件。他在Twitter表示:“如果你有Facebook賬戶,,那么賬戶關(guān)聯(lián)的電話號(hào)碼極有可能已遭泄露?!?/p>
遭泄露的信息包括Facebook賬號(hào)、定位信息,、用戶全名、出生日期,、電郵地址,、賬戶創(chuàng)建日期,、關(guān)系狀態(tài)和個(gè)人簡(jiǎn)介等。加爾說(shuō),,幾乎肯定的是,黑客會(huì)利用泄露數(shù)據(jù)實(shí)施網(wǎng)絡(luò)詐騙,,包括“社會(huì)工程”攻擊,。在這種攻擊中,黑客理論上會(huì)利用電話號(hào)碼等泄露數(shù)據(jù),,先與用戶建立信任,,最終說(shuō)服用戶透露更為重要的信息,,比如社會(huì)安全碼。
此次泄露事件是對(duì)Facebook數(shù)據(jù)隱私聲譽(yù)度的又一次重大打擊,。2019年,有家安全研究機(jī)構(gòu)披露,,2.67億Facebook用戶數(shù)據(jù)在網(wǎng)上遭曝光,。2018年,F(xiàn)acebook首席執(zhí)行官馬克·扎克伯格因Facebook涉及劍橋分析公司丑聞而接受國(guó)會(huì)質(zhì)詢,。在丑聞中,這家政治咨詢公司獲取了近8700萬(wàn)Facebook用戶的個(gè)人數(shù)據(jù),。
以下整理了關(guān)于此次大規(guī)模數(shù)據(jù)泄露事件的信息,以及如何保護(hù)自己免受黑客攻擊的建議,。
數(shù)據(jù)是如何遭泄漏的?
本周初,,F(xiàn)acebook在一篇博文中承認(rèn)了數(shù)據(jù)泄露事件,稱黑客利用聯(lián)系人導(dǎo)入工具的一項(xiàng)功能,,獲取了用戶數(shù)據(jù),。通常,,人們會(huì)使用該工具掃描智能手機(jī)中的電話號(hào)碼和聯(lián)系人信息,從而在Facebook與他人建立聯(lián)系,。
但加爾表示,F(xiàn)acebook聯(lián)系人導(dǎo)入工具的某一缺陷讓黑客有了可趁之機(jī),,可看到“與每個(gè)Facebook賬戶綁定的電話號(hào)碼”。正如安全專家米科·哈普寧在Twitter所提,,黑客利用聯(lián)系人導(dǎo)入工具的漏洞,創(chuàng)建了“一個(gè)囊括全球所有電話號(hào)碼的通訊錄,,然后再詢問(wèn)Facebook這些‘朋友’是否使用Facebook,?!?/p>
Facebook表示,當(dāng)?shù)弥泻诳屠寐?lián)系人導(dǎo)入功能漏洞后,,已于2019年修復(fù)了此問(wèn)題。該公司表示,“重要的是”要留意,,黑客并沒(méi)有“入侵”Facebook的系統(tǒng),例如通過(guò)注入惡意代碼,,削弱公司的安全防御體系。相反,,該公司認(rèn)為黑客是在從服務(wù)中“搜刮”數(shù)據(jù)。有批評(píng)人士指責(zé)該公司利用這種語(yǔ)義區(qū)別,,試圖淡化數(shù)據(jù)泄露的嚴(yán)重性,。
如何知道自己的數(shù)據(jù)是否被泄漏
訪問(wèn)安全研究人員特洛伊·亨特創(chuàng)建的網(wǎng)站Have I Been Pwned (HIBP),,查看自己的電郵或電話號(hào)碼是否在此次數(shù)據(jù)泄露事件中遭曝露,。
Facebook未表示是否會(huì)通知個(gè)人資料遭泄露的用戶。
如何保護(hù)個(gè)人數(shù)據(jù)
受數(shù)據(jù)泄露事件影響的用戶應(yīng)更新自己的密碼,。安全研究人員加爾指出,,F(xiàn)acebook表示正“從網(wǎng)上拿掉這些數(shù)據(jù)”,但尚不清楚他們是d如何能做到這一點(diǎn)的,,因?yàn)樗压螖?shù)據(jù)的黑客已把數(shù)據(jù)賣給了其他人。
Facebook還表示,,用戶應(yīng)為賬戶開(kāi)啟雙重認(rèn)證,,以此保護(hù)個(gè)人數(shù)據(jù),。
HIBP的運(yùn)營(yíng)者亨特建議,可使用1Password等安全服務(wù),,管理不同應(yīng)用程序里的多個(gè)強(qiáng)密碼,。(財(cái)富中文網(wǎng))
譯者:Emily
Facebook有超5億用戶數(shù)據(jù)遭泄露,電話號(hào)碼,、電郵地址等個(gè)人信息被黑客竊取。
上周末,網(wǎng)絡(luò)犯罪情報(bào)公司Hudson Rock的首席技術(shù)官阿隆·加爾披露了這起數(shù)據(jù)泄露事件,。他在Twitter表示:“如果你有Facebook賬戶,那么賬戶關(guān)聯(lián)的電話號(hào)碼極有可能已遭泄露,?!?/p>
遭泄露的信息包括Facebook賬號(hào),、定位信息,、用戶全名、出生日期,、電郵地址,、賬戶創(chuàng)建日期、關(guān)系狀態(tài)和個(gè)人簡(jiǎn)介等,。加爾說(shuō),,幾乎肯定的是,黑客會(huì)利用泄露數(shù)據(jù)實(shí)施網(wǎng)絡(luò)詐騙,,包括“社會(huì)工程”攻擊,。在這種攻擊中,黑客理論上會(huì)利用電話號(hào)碼等泄露數(shù)據(jù),,先與用戶建立信任,,最終說(shuō)服用戶透露更為重要的信息,比如社會(huì)安全碼,。
此次泄露事件是對(duì)Facebook數(shù)據(jù)隱私聲譽(yù)度的又一次重大打擊,。2019年,有家安全研究機(jī)構(gòu)披露,,2.67億Facebook用戶數(shù)據(jù)在網(wǎng)上遭曝光,。2018年,F(xiàn)acebook首席執(zhí)行官馬克·扎克伯格因Facebook涉及劍橋分析公司丑聞而接受國(guó)會(huì)質(zhì)詢,。在丑聞中,,這家政治咨詢公司獲取了近8700萬(wàn)Facebook用戶的個(gè)人數(shù)據(jù),。
以下整理了關(guān)于此次大規(guī)模數(shù)據(jù)泄露事件的信息,以及如何保護(hù)自己免受黑客攻擊的建議,。
數(shù)據(jù)是如何遭泄漏的?
本周初,,F(xiàn)acebook在一篇博文中承認(rèn)了數(shù)據(jù)泄露事件,,稱黑客利用聯(lián)系人導(dǎo)入工具的一項(xiàng)功能,,獲取了用戶數(shù)據(jù),。通常,人們會(huì)使用該工具掃描智能手機(jī)中的電話號(hào)碼和聯(lián)系人信息,,從而在Facebook與他人建立聯(lián)系。
但加爾表示,,F(xiàn)acebook聯(lián)系人導(dǎo)入工具的某一缺陷讓黑客有了可趁之機(jī),可看到“與每個(gè)Facebook賬戶綁定的電話號(hào)碼”,。正如安全專家米科·哈普寧在Twitter所提,黑客利用聯(lián)系人導(dǎo)入工具的漏洞,,創(chuàng)建了“一個(gè)囊括全球所有電話號(hào)碼的通訊錄,然后再詢問(wèn)Facebook這些‘朋友’是否使用Facebook,。”
Facebook表示,,當(dāng)?shù)弥泻诳屠寐?lián)系人導(dǎo)入功能漏洞后,已于2019年修復(fù)了此問(wèn)題,。該公司表示,“重要的是”要留意,,黑客并沒(méi)有“入侵”Facebook的系統(tǒng),例如通過(guò)注入惡意代碼,,削弱公司的安全防御體系。相反,,該公司認(rèn)為黑客是在從服務(wù)中“搜刮”數(shù)據(jù)。有批評(píng)人士指責(zé)該公司利用這種語(yǔ)義區(qū)別,,試圖淡化數(shù)據(jù)泄露的嚴(yán)重性,。
如何知道自己的數(shù)據(jù)是否被泄漏
訪問(wèn)安全研究人員特洛伊·亨特創(chuàng)建的網(wǎng)站Have I Been Pwned (HIBP),,查看自己的電郵或電話號(hào)碼是否在此次數(shù)據(jù)泄露事件中遭曝露,。
Facebook未表示是否會(huì)通知個(gè)人資料遭泄露的用戶。
如何保護(hù)個(gè)人數(shù)據(jù)
受數(shù)據(jù)泄露事件影響的用戶應(yīng)更新自己的密碼,。安全研究人員加爾指出,,F(xiàn)acebook表示正“從網(wǎng)上拿掉這些數(shù)據(jù)”,但尚不清楚他們是d如何能做到這一點(diǎn)的,,因?yàn)樗压螖?shù)據(jù)的黑客已把數(shù)據(jù)賣給了其他人。
Facebook還表示,,用戶應(yīng)為賬戶開(kāi)啟雙重認(rèn)證,以此保護(hù)個(gè)人數(shù)據(jù),。
HIBP的運(yùn)營(yíng)者亨特建議,可使用1Password等安全服務(wù),,管理不同應(yīng)用程序里的多個(gè)強(qiáng)密碼,。(財(cái)富中文網(wǎng))
譯者:Emily
Data from over half a billion Facebook users was leaked online, potentially exposing personal information such as phone numbers and email addresses to hackers.
Alon Gal, the chief technology officer of cybercrime intelligence firm Hudson Rock, revealed the data leak this past weekend, saying via Twitter “that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.”
Some of the leaked information included Facebook IDs, location information, full names, birth dates, email addresses, account creation dates, relationship status, and bios. Gal said that it’s almost certain hackers will use the leaked data for online scams, including “social engineering” attacks. In such attacks, a hacker could theoretically use leaked data like a phone number to build trust with users, eventually persuading them to reveal more significant information like a Social Security number.
The data leak is another major blow to Facebook’s reputation in data privacy. In 2019, a security researcher revealed that the data of 267 million Facebook users was exposed online. In 2018, Facebook CEO Mark Zuckerberg was grilled by Congress over Facebook’s role in the Cambridge Analytica scandal, in which a political consulting firm accessed the personal data of nearly 87 million Facebook users.
Here’s what you need to know about the massive data leak and how to safeguard yourself from hackers.
How was the data leaked?
Facebook acknowledged the data leak earlier this week in a blog post, saying that bad actors obtained the data by exploiting a feature in the company’s contact importer tool. People use the tool to scan phone numbers and contact information from their smartphones so they can connect with them on Facebook.
But a flaw in Facebook’s contact importer tool made it possible for bad actors to see “the phone number linked to every Facebook account,” Gal said. As security researcher Mikko Hypponen pointed out on Twitter, attackers exploited the contact importer flaw to create “an address book with every phone number on the planet and then asked Facebook if his ‘friends’ are on Facebook.”
Facebook said it fixed the contact importer flaw in 2019 after it had learned hackers were exploiting it. The company said that it’s “important” to note that bad actors did not “hack” Facebook’s systems, such as by injecting malicious code that would weaken the company’s security defenses. Instead, the company said, bad actors “scraped” the data from its service, a semantic distinction that critics allege is the company’s attempt to downplay the severity of the data leak.
How to know if you were impacted
People can visit the website Have I Been Pwned (HIBP), created by security researcher Troy Hunt, to see if their emails or phone numbers were exposed in the data leak.
Facebook did not say whether it would notify users whose personal data was leaked.
How to protect your data
People who were impacted by the data leak should update their passwords. Facebook said that it’s “working to get this data set taken down,” but it’s unclear how the company would do so since the criminals who scraped the data have already sold it to others, security researcher Gal noted.
Facebook also said that people should enable two-factor authentication on their accounts in order to access them, as a way to protect themselves.
Hunt, who operates HIBP, recommends that people use a security service like 1Password to help manage multiple, strong passwords across different apps.
財(cái)富中文網(wǎng)所刊載內(nèi)容之知識(shí)產(chǎn)權(quán)為財(cái)富媒體知識(shí)產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專屬所有或持有,。未經(jīng)許可,,禁止進(jìn)行轉(zhuǎn)載,、摘編,、復(fù)制及建立鏡像等任何使用。
