遲到總比不到好吧。在黑客盜走數(shù)百萬用戶名和密碼四年后,，領(lǐng)英終于決定宣布發(fā)生了什么,。

上周三下午，領(lǐng)英用戶收到了一封電子郵件,，名為“有關(guān)領(lǐng)英賬號的重要信息”,，介紹了2012年黑客大規(guī)模入侵事件以及該公司的應(yīng)對措施。

簡而言之,，這封電郵的內(nèi)容是：“沒錯,，我們被黑了,。從2012年到現(xiàn)在你都沒有換過密碼，請注意舊密碼已經(jīng)作廢,。我們正在和執(zhí)法部門合作保護用戶信息安全,。”

領(lǐng)英還建議用戶采取一些基本的安全措施來保護賬戶：

除了竭盡所能保護用戶隱私,，我們建議用戶務(wù)必到安全中心了解如何啟用雙重認證,，使用強度更高的密碼來盡量確保賬號安全。推薦用戶定期更換領(lǐng)英密碼,。如果大家在其他的在線服務(wù)中使用了相同或類似的密碼,，建議全都更換。

2012年的黑客事件鬧得沸沸揚揚,，領(lǐng)英的新聞之所以再次引起關(guān)注,，是因為上周的媒體報道顯示，數(shù)據(jù)被黑的程度遠遠超過了預(yù)期,。

實際情況證明,，當(dāng)時的黑客事件涉及1.17億對電郵和密碼組合，而不只是之前報道里提到的650萬對,。所有泄露數(shù)據(jù)都在所謂的暗網(wǎng)上出售,。

領(lǐng)英在周三的電郵中表示，上周才“知道”在網(wǎng)上能夠買到2012年的被盜數(shù)據(jù),。聽起來似乎有點兒牽強,，因為盜竊數(shù)據(jù)基本上都是用來出售的。但我們愿意接受領(lǐng)英的解釋,。此外,，和領(lǐng)英群發(fā)的其他電郵不同，這封郵件還是有點用的,。

奇怪的是,，領(lǐng)英并未在電郵里承認安全措施很糟糕，也未就此道歉,。安全措施不夠一般包括加密手段比較弱,，比如未在加密算法中使用salt值，所以黑客很容易就能夠破解用戶的密碼,。

另一方面,，安全專家特洛伊?亨特就近期新聞發(fā)表權(quán)威文章指出，2012年的黑客事件并非公司現(xiàn)任管理層的失誤,，他們只是收拾前任留下的爛攤子,。

可以去網(wǎng)站https://haveibeenpwned.com查詢在領(lǐng)英的登錄電郵是否被盜（我的就被盜了）。同時為了安全起見,，請不要再使用像12345,、LinkedIn或者password等太容易被破解的密碼,。

譯者：Charlie

審校：夏林

Better late than never, I suppose. Four years after hackers plundered millions of LinkedIn usernames and passwords, the company has decided to tell us what is going on, at last.

On last Wednesday afternoon, users received an email titled “Important information about your LinkedIn account,” describing the massive 2012 hack and what the company is doing about it.

The short version of the email is something like this: “Yup, they hacked us all right. And, in case you haven’t changed your password since 2012, we’ve cancelled those older passwords. We’re working with law enforcement to protect you.”

LinkedIn also suggests users adopt some basic security hygiene:

While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.

While the 2012 hack was widely publicized at the time, the reason news of it flared up again is because of reports last week that revealed the breach was much, much bigger than initially thought.

It turns out that the hack affected 117 million email and password combinations—not the 6.5 million reported in the past. Oh, and the whole batch of them are for sale on the so-called dark web.

In its email, LinkedIn claimed that it “became aware” last week that the data stolen in 2012 was being made available online. This seems a bit of stretch—the whole point of stealing data is typically to sell it online—but we’ll take them at their word. And, unlike so many other LinkedIn emails, this one is definitely useful.

Oddly, the email did not include any acknowledgement or apology for the dreadful security practices used by LinkedIn in the first place. These included poor cryptography, such as failing to “salt” the data, which made it easier for hackers to unscramble users’ passwords.

On the other hand, as security expert Troy Hunt reports in a definitive account of the recent news, the 2012 breach is not the fault of the company’s current leadership team, who are simply trying to clean up the mess left by their predecessors.

You can check this site to see if your email is one of those that got stolen in the LinkedIn hack here (mine was). And, for goodness sake, stop using silly passwords like 12345, LinkedIn, or password.