逾500萬名大企業員工電郵和密碼泄露

Personal details of 5.5m employees from the world’s 1,000 biggest public companies have been discovered onLine by a British cyber security firm that searched through data compromised by recent breaches of popular websites.

英國一家網絡安全公司對近期幾個高人氣網站泄露的數據實施了搜索，從而在網上發現了全球1000家最大公開上市公司550萬名員工的個人細節信息。

Digital Shadows found details including corporate email addresses and passwords from 97 per cent of the 1,000 companies. It did not name the individual companies concerned.

這家名爲Digital Shadows的公司發現的細節信息，包括來自這1000家企業的97%的員工的企業電子郵件地址及密碼。該公司並未點明涉事企業的名稱。

The UK firm trawled through data leaked from popular services such as LinkedIn, Dropbox and MySpace, looking for users who had signed up using their work email accounts. Many of them had reused their work passwords.

這家英國公司查詢了領英(LinkedIn)、Dropbox和MySpace等高人氣服務網站泄露的數據，尋找那些曾用其工作電郵賬號註冊的用戶。他們中許多人重複使用了他們在工作場合使用的密碼。

Nearly 300,000 people’s details had been stolen from dating websites, including Ashley Madison and Adult Friend Finder; Ashley Madison alone yielded corporate emails and passwords of more than 200,000 people working for big companies.

近30萬人的細節信息從Ashley Madison和Adult Friend Finder等約會網站被盜。其中，僅Ashley Madison網站就泄露了爲大企業工作的逾20萬人的公司電郵和密碼信息。

The cost of a single data breach can be enormous — an IBM study found that the average total cost to a company is $4m. High-profile victim TalkTalk lost 101,000 customers, spent ￡60m and faced a parliamentary inquiry. Last year, data breaches cost British businesses about ￡34bn.

僅僅一次數據泄露就可能造成巨大損失。IBM開展的一項研究發現，數據泄露爲每家企業帶來的平均總損失是400萬美元。備受關注的數據泄露受害者TalkTalk損失了10.1萬名客戶，花費了6000萬英鎊，還面臨議會的調查。去年，數據泄露爲英國企業帶來的損失約爲340億英鎊。

Much of the data uncovered by Digital Shadows had not been previously leaked — 90 per cent of the 5.5m usernames and passwords were newly available online.

Digital Shadows發現的數據大部分此前未曾披露過：550萬用戶名和密碼中90%都是新出現在網上。

“We were analysing leaks going back to 2012, so I thought we would see a lot of duplicates, but only 10 per cent of credentials had been in previous leaks,” said Rick Holland, vice-president for strategy at Digital Shadows. “Whenever a breach becomes public, the first thing our clients ask is: ‘Are these details new or repackaged?’ So this is bad news.”

Digital Shadows戰略部門副總裁裏克•霍蘭(Rick Holland)表示：“我們正在分析遠至2012年的泄露數據，因此我以爲我們會看到許多重複的數據，然而只有10%的憑據信息在此前的數據泄露中出現過。每當一批泄露數據公開時，我們的客戶問的第一件事就是：‘這些細節信息是新的，還是舊信息的重新打包？’因此，這是個壞消息。”

Studies have found that more than 60 per cent of people reuse passwords and compromised credentials can also be used for phishing attacks and extortion attempts.

研究發現，逾60%的人會重複使用密碼。而且，被泄露的憑據信息也可能被用於釣魚式攻擊(phishing attack)和敲詐企圖。

Combining stolen information can allow cyber criminals to piece together comprehensive user identities, cyber security experts said.

網絡安全專家表示，將被竊取的信息結合起來，令網絡犯罪者能夠拼湊出完整的用戶身份信息。

Cyber security consultants advise companies to require employees to change passwords every eight weeks and use additional security, such as requiring authentication through a mobile phone, for new sign ons. “Rolling out multi-factor authentication is really important to minimise that risk,” Mr Holland said.

網絡安全諮詢師建議各企業要求員工每八週更新一次密碼，並使用額外的安全手段，比如新登錄時要求通過手機認證。霍蘭表示：“實施多種類型的認證對於降低這種風險特別重要。”

Donald Trump has upset Sir Cameron Mackintosh and co-creators of the stage musical Les Misérables for playing one of their songs at his Miami rally.

唐納德•特朗普在邁阿密的競選集會上播放了音樂劇《悲慘世界》中的一首插曲，引起了製作者卡麥隆•麥金託什和其它音樂劇主創的不滿。

Mackintosh, a leading British theatre impresario, is to make his objection felt in a joint statement with Alain Boublil, the musical’s librettist and others who own the copyright.

麥金託什是英國著名戲劇經理人，他將同劇作者阿蘭•布比爾等其它版權人一起發佈聯合聲明提出抗議。

A copy released to the Guardian said: “The authors of Les Misérables were not asked for permission and did not authorise or endorse usage of Do You Hear the People Sing? at last [week’s] Trump rally in Miami, and have never done so for any of the songs from the musical for this or any other political event.”

刊登在《衛報》上的聲明寫道：“《悲慘世界》的作者們沒有收到許可申請，也沒有授權或允許特朗普在上週邁阿密集會上使用《Do You Hear the People Sing?》，歌劇中的任何一首歌曲從未被允許在這次或任何其他的政治活動中使用。”

Les Misérables has broken box office records worldwide, seen by more than 70 million people in 44 countries. It is a story of “broken dreams and unrequited love, passion, sacrifice and redemption”, with songs that include I Dreamed A Dream. In Miami, the Republican presidential nominee took the stage as Do You Hear the People Sing? blasted through the loudspeakers.

《悲慘世界》已在44個國家演出，觀看人次達七千多萬，打破了全球票房紀錄。它講述了一個關於“破碎的夢和暗戀、熱烈的情慾、犧牲和救贖”的故事。《I Dreamed A Dream》也是歌曲之一。在邁阿密，集會上的擴音喇叭高聲唱着《Do You Hear the People Sing?》，共和黨總統候選人在一片音樂聲中登臺亮相。

Mackintosh’s statement said: “As the musical’s popularity and universal message have been part of international popular culture for more than 30 years now, countless political and social movements around the world, including the first Bill Clinton and Obama campaigns, have independently embraced songs from the musical as a rallying cry for their own cause.”

麥金託什的聲明中說道：“因《悲慘世界》的知名度和辨識度，這部歌劇在30多年來已成爲國際流行文化的組成部分。全球無數政治和社會運動，包括比爾•克林頓和奧巴馬的首次競選活動，都各自使用了音樂劇中的歌曲作爲個人競選的戰鬥口號。”

Trump has upset musicians before. In May, he faced demands by the Rolling Stones to stop playing their music at his campaign events. Earlier, he faced criticism from Neil Young for using his Rockin’ in the Free World. Whether Mackintosh takes legal action remains to be seen.

特朗普的侵權行爲早有先例。五月份，滾石樂隊曾向特朗普提出停止在競選活動中播放其音樂的要求。更早時候，尼爾•楊批評特朗普使用了他的歌曲《Rockin’ in the Free World》。麥金託什是否就此採取法律行動仍有待觀察。

The intellectual property lawyer Mark Stephens of Howard Kennedy, said politicians were supposed to clear the use of songs. Sometimes permission was obtained without disclosing it was for a political purpose and there could be a question about whether Trump’s campaign said it would be used at a rally.

霍華德•肯尼迪律師事務所的著作權律師馬克•斯蒂芬森表示，政客們應該澄清對歌曲的使用情況。他補充說，有時出於政治目的會對獲得的使用權進行保密，但特朗普的競選團隊有無說明歌曲將在集會上使用還有疑問。

Asked whether Mackintosh could potentially have a legal case against Trump, he said: “Assuming that there wasn’t a fully disclosed, informed consent given, then he can sue for infringement of copyright.”

當被問道麥金託什是否可能起訴特朗普時，斯蒂芬森說：“假如歌曲使用沒有經過完全公開、知情的同意，他可以因著作權受到侵犯而起訴。”

The Trump campaign did not respond to a request for comment.

特朗普的競選團隊未對評論請求作出迴應。

Trump is among numerous politicians who have upset musicians. Bruce Springsteen objected to Ronald Reagan’s attempt to use Born in the USA as a backdrop for his re-election in 1984, and Mick Fleetwood has said that Bill Clinton’s campaign never sought permission for his 1992 campaign anthem, Don’t Stop.

除特朗普外，引起音樂人不滿的政客還大有人在。1984年羅納德•里根在第二次總統競選中試圖使用《Born in the USA》，遭到歌手布魯斯•斯普林斯汀反對。1992年比爾•克林頓使用《Don’t Stop》作爲競選歌曲，而米克•弗裏特伍德說這從未徵得他的同意。

Sometimes, however, there is harmony between musicians and politicians. The Northern Irish group D:Ream approved Tony Blair’s use of Things Can Only Get Better during the Labour party’s 1997 campaign.

不過，音樂人和政客也有和平相處的時候。1997年，北愛爾蘭組合D:Ream就同意了工黨託尼•布萊爾在英國大選中使用他們的作品《Things Can Only Get Better》。