Fortune China

The Nine Most Devastating Hacking Incidents in History

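The recent LinkedIn password leak barely registers in the history of hacking. Today we look back at the most serious network security incidents of the past ten years, including the intrusion into Gmail user accounts that caused a stir in China.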

    Beware the hacker. As technology evolves, one would think security is keeping up. Not exactly. If history is anything to go by, getting hacked -- sometimes more than once -- is inevitable. In the last week alone, two tech companies came under fire when Russian hackers reportedly published 6 million LinkedIn user passwords; eHarmony experienced a similar cyber attack, possibly by the same group. Here's a look at some of the biggest security breaches over the last 10 years.


Sony PlayStation Network

Date: April 2011

Affected: 77 million

    What seemed like an ordinary service outage for Sony's online gaming and movie service became notorious for being one of the biggest online breaches ever. In April of last year, hackers gained access to over 77 million PlayStation Network accounts, with 12 million unencrypted credit card numbers as well as user information like full names, passwords, and purchase history. The debacle would prove to be just the first in a series of attacks against the tech giant, with Sony Online Entertainment and Sony Pictures also eventually falling prey.


Epsilon

Date: March 2011

Affected: 60 million

    As one of the world's largest permission-based e-mail marketers, Epsilon helped clients like Best Buy, Capital One, and Walgreens send promotional emails to customers. Last April, the company was hit by a spear-phishing attack, which used fake, personalized emails to trick people into disclosing information such as passwords and financial details. In this case, an estimated 60 million customer emails from over 100 clients were revealed.


RSA Security

Date: March 2011

Affected: 40 million

    Another high-profile breach last year occurred when attackers compromised the servers of RSA, the security division of storage giant EMC, and gained access to the information of over 40 million authentication tokens used by employees to access corporate and government networks. (According to Gartner Research, nearly 80% of banks use it.) The company has spent over $66 million since then to monitor the information of concerned clients.


Gawker Media

Date: December 2010

Affected: 1.3 million

    With blogs like Gizmodo, Jezebel and Jalopnik in its stable, Gawker Media is used to covering the news, not making it. But that's what happened in December 2010 when a group of hackers calling themselves "Gnosis" took responsibility for releasing a 500-megabyte file with the usernames, emails and passwords of up to 1.3 million registered users. "We went after Gawker because of their outright arrogance," the group said at the time.


AOL

Date: August 2006

Affected: 650,000

    In 2006, AOL accidentally released a file with the search data of over 650,000 of its members. While AOL user names were swapped out with random ID numbers, the wealth of leaked information -- social security numbers, addresses -- made figuring out the identities of those users possible. AOL pulled the file down, but the information had already spread. "This was a screw-up, and we're angry and upset about it," the company said in a statement. "It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant."


Monster.com

Date: August 2007

Affected: 1.3 million

    Using credentials stolen from Monster.com clients duped via email, hackers broke into the popular job recruitment service and made off with the resume information of almost 1.3 million job seekers, including names, addresses, phone numbers, and email addresses. The attack was eventually traced back to two servers at a Web-hosting company in Ukraine and a group of personal computers loaded with a malicious software program.


TJX Companies

Date: December 2006

Affected: 94 million

    If there's anything to be learned from TJX Companies' debacle in 2006, it's that even the largest of companies is vulnerable. The retailer, which operates over 2,000 stores under brands like T.J. Maxx and Marshalls, suffered a computer breach affecting at least 94 million domestic and international accounts containing credit card, debit card, and check information. Ten months after, Visa said the hack cost it at least $68 million in fraud-related losses.


Google, et al.

Date: December 2009

Affected: 21 companies

    In what remains one of the most sophisticated hacks on record, Google reported that it, along with at least 20 other companies, was the target of a cyber attack originating from China. While one of the goals appeared to be the access of Gmail accounts of Chinese human rights activists, Google says the biggest loss was unspecified intellectual property. The culprit? A weakness in an old version of Internet Explorer used to gain access to Google's infrastructure.


CardSystems Solutions

Date: June 2005

Affected: 40 million

    When hackers tapped into the servers of CardSystems Solutions, they made off with over 40 million Visa and Mastercard names, account numbers, and verification numbers. It wasn't very hard since CardSystems hadn't bothered to encrypt most of that data. Just months later, the company was acquired by Pay By Touch, a now-defunct payments company.

Translator: 朴成奎
