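爱思英语 editor's note: Twitter locked some accounts after reports that the account passwords of tens of thousands of users were being offered for sale.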
 
Twitter has locked some accounts following reports that log-in details for millions of users were on sale.
 
On Thursday reports surfaced that a Russian hacker called Tessa88 was asking for 10 bitcoins (£4,000) for access to a list of 32 million names.
 
In a blogpost, Twitter said it was confident that the data had not come from a hack attack on its servers.
 
But after scrutinising the list, it had locked some accounts and users would need to reset their passwords.
 
"The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both," wrote Michael Coates, chief security officer at Twitter, in the blogpost.
 
Security firm Leaked Source, which first shared information about the list, said its analysis suggested the information came from PCs infected with data-stealing malware.
 
‘Sceptical’
 
Twitter’s cross-checking of the list showed that some of the log-in data being offered was real, said Mr Coates, and led to the micro-blogging service locking those accounts and forcing a password reset.
 
He said Twitter had taken similar action in recent weeks as data from other breaches became publicly available.
 
He did not say how many of the supposedly stolen log-ins were legitimate or how many accounts had been locked.
 
Some security experts have expressed doubt about whether all the information in the list of 32 million log-in names is genuine.
 
Per Thorsheim, who advises companies about security and safe log-in procedures, said he was "sceptical" about the data but added that he had not had a chance to look through it himself.
 
"A 32 million leak doesn’t make sense," he said. "It could be a very old leak from when Twitter only had 32 million users, it could be a chunk of the full dataset from a recent breach or what I usually think - it’s just made-up junk."
 
Troy Hunt, who maintains an online repository of breach data, told technology news site Ars Technica that he too had his doubts about the list.
 
"I’m highly sceptical that there’s a trove of 32 million accounts with legitimate credentials for Twitter," he said. "The likelihood of that many records being obtained independently of a data breach and them being usable against active Twitter accounts is extremely low."
 
The sale of the Twitter list comes in the wake of a series of "mega-breaches" which have seen data stolen from companies many years ago now being widely shared. More than 600 million passwords feature in the massive data dumps.
 
Cyberthieves are keen to get at this data because many people reuse log-in names and passwords so finding a working combination on one service may unlock many others.
 