Odaily星球日报讯 Cybernews 研究团队披露,包含苹果、谷歌、Facebook 等在线服务提供商的 160 亿条登录凭证遭泄露,其中仅单个数据库最大记录量就达 35 亿条。研究人员发现这些数据主要通过未加密的 Elasticsearch 或对象存储实例暴露,泄露数据包含信息窃取恶意程序窃取的访问令牌、会话 cookie 及账户元数据。 此次事件对加密货币行业构成严重威胁:攻击者可能利用泄露凭证发起针对性账户接管,尤其针对托管钱包或关联邮箱的平台。部分钱包允许将助记词备份至云服务的行为更放大风险。安全专家建议用户立即更新密码、启用双因素认证,并避免在非安全数字环境存储恢复短语。目前数据原始持有者身份尚未明确,但研究人员确认部分数据库可能归属网络犯罪组织。(Cointelegraph)
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.