VX號外: 末日天, 兩萬個"半"個人資料外洩 (20,000 Records with Management/Director Leaked on Doomsday)

Post date: Dec 21, 2012 9:29:42 AM

一間以買賣資料的公司外洩了各大公司, 院校和組織管理層合共兩萬個.

資料包括姓別, 所屬公司和地址, 職位,電郵地址, 有些更有個人手機號碼。為什麼我稱為"半"個人私懚?因為是牽涉了其工作資料。

不過, VXRL仍然認為非常嚴重. 因為可以給攻擊者發動Target Attack (Advanced Persistent Threat)或social engineering, 現已和PCO接觸,看看情況。

P.S: 有些人更是資訊保安經理 :-)

VXRL has found out 20,000 records and most of them are directors, senior management and managers in various giant-graded MNCs.

The record comprises name, contact number, company name and address, their position held, email address and even their personal contact.

We have found the site leaking out the records is an agency which allows people uploading and selling data at their site.

This incident is serious as those records could be "super" useful for targeted attack, APT and social engineering.

Case has been just reported to our good friend authority, PCO (www.pco.org.hk) and see how it goes.