Data stolen from a dating website aimed at "beautiful people only" has been traded online.
The details of more than a million members including their weight, height, job, and phone numbers were discovered unencrypted online in December 2015. They have now been sold on the black market, said security expert Troy Hunt.
The firm said the data belonged to members who joined before July 2015 and that no passwords or financial information were included.
Security researcher Chris Vickery, who originally discovered it, told the BBC the firm acted quickly after he notified them - but by then, data had already been sold on.
Beautiful People originally claimed the content was from a test server but Mr Vickery said the data itself was still genuine. "Whether or not it's in the test database makes no difference if it's real data," he added.
It also transpired that a second researcher had identified the same weakness on the same day.
"Now it's public, cybercriminals have the opportunity to use this information to steal personal identities or more," said David Emm, principal security researcher at Kaspersky Lab. "Unfortunately, once a breach of this nature has been made, there is not much that can be done."
Cybercriminals use the genuine identities to synthesise new ones, and they tend to act within a month of receiving stolen data, said John Lord, managing director at identity data intelligence firm GBG.
"Organisations need to take action and use more data, analytical insights and triangulation of multiple-identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them," he said.