What we know about the 50 million Facebook accounts that were exposed
▌ Some material is sourced from USA Today; translated by the 世界播 team
Facebook hasn’t revealed a ton about the data breach in which hackers exploited code that could let them take over around 50 million user accounts. CEO Mark Zuckerberg explained that the company’s investigation is still in its early stages. But this latest rupture is another bruise for a company that has already been hammered by a series of privacy and security violations, leading to a Zuckerberg grilling before Congress back in April.
Here’s what we know about this latest attack and what you should do about it:
Facebook says hackers exploited a vulnerability in the “View As” feature, which lets you see what your profile looks like to other people. Attackers were able to steal Facebook “access tokens” or the digital keys that keep you logged into Facebook so that you don’t need to reenter your password every time you use the app.
The vulnerability apparently stemmed from a change made in July 2017 in the way video was uploaded on the site, which the social network says impacted “View As.” Having obtained such access tokens, the bad guys were able to steal more tokens.
Should I not use View As?
Actually, for now, you won’t be able to use it. While it investigates what happened here and who was responsible, Facebook has temporarily turned off the feature.
Is my own account safe?
The short answer is you can’t know for sure, but Facebook has taken precautionary steps. On Friday, it forced some 90 million people to log out of their accounts – representing the 50 million it knows were affected, plus 40 million other accounts that took advantage of the View As feature in the last year.
Can I trust Facebook?
That’s a question many among Facebook’s 2.2 billion monthly active users are undoubtedly asking, and it is hard to blame anyone who doesn’t.
After all, this latest breach follows Facebook's disclosure earlier in the year of an estimated 87 million people who had their profiles scraped and improperly shared with Cambridge Analytica, a political ad-targeting firm. During his testimony before Congress, Zuckerberg acknowledged that Facebook can amass data to construct what are being referred to as “shadow profiles” of you, even if you never opted in or joined Facebook.
That's going to wig some of you out for sure.
Facebook did go to great pains to explain how and why it tracks non-users. You can read about such policies in this blog post from April, which privacy advocate Marc Rotenberg of the Electronic Privacy Information Center called at the time, “a giant surveillance warning label.”
What steps should I take right away?
Facebook claims you won’t need to change your password because of what has happened, but in my view better safe than sorry.
Gary Davis, Chief Consumer Security Evangelist at McAfee, certainly recommends changing your password – and not only at Facebook, but at Instagram, Twitter and other social media accounts as well.
You hear this all the time, but don’t use the same passwords at each place, either, something all too many folks do. McAfee research reveals a third of people rely on the same three passwords for every account they’re signed up to.
Follow other longstanding cybersecurity best practices. For Tyler Moffitt, senior threat research analyst at threat intelligence provider Webroot, such practices include “disconnecting any unnecessary apps or games in social media platforms, making sure two-factor authentication is enabled and never giving out personal or financial information in your profile or private messenger conversations.”
Visit Facebook’s Help Center – click the circled question mark near the top of the screen to get there – to change your password, implement two-factor authentication (Facebook will ask for a security code if it notices a log-in from an unusual device), or take other steps. Meanwhile, in the Security and Login settings, you’ll see a list of all the places that you log into with your Facebook account; Facebook lets you log out of those places with a single click.