Skip to content

密碼時代的終結:160億帳戶外洩事件告訴我們什麼

160 億筆憑證外洩:為密碼時代敲響的最後警鐘 

近期包含 Google、Apple 和 Facebook 在內的服務中,多達 **160 億筆**登入憑證遭到外洩,這不僅僅是又一起資料外洩事件,它更是宣告密碼時代終結的決定性事件。此次事件由資訊竊取惡意軟件( Infostealer)引起,外洩的憑證現正於暗網上被積極交易,揭示了我們數碼身份基礎設施中的系統性失靈。以密碼為基礎的安全時代已經結束。

固有的缺陷:為何密碼注定失敗

多年來,密碼一直是數碼安全中最薄弱的一環。它們從根本上就易受各種日益增長的威脅所攻擊,從暴力破解到精密的釣魚詐騙。人類心理是問題的核心;我們出於方便,會創建簡單、可預測的規律,或在多個服務中重複使用相同的密碼。這使得一組被盜的密碼變成了一把萬能鑰匙,足以解鎖個人的整個數碼生活,導致身份盜竊、金融詐騙和災難性的企業資料外洩。

新典範:無密碼驗證

為應對此情況,一個新的安全典範已變得至關重要:**無密碼驗證**。基於像 FIDO2 這樣的全球標準,此方法無需密碼即可驗證用戶,而是利用不易被竊取或猜測的因素,例如:你是誰(如指紋等生物辨識特徵)、你擁有什麼(如智能手機等設備),或你在哪裡(地理位置)。

其效益是革命性的。

  • 安全性大增:由於密碼已不存在,所有針對密碼的攻擊都將失效。

  • 用戶便利性提升:無需再記憶複雜的憑證。

  • IT 團隊解脫:終結了強制執行惱人的密碼政策和處理無盡重設請求的惡夢,讓他們能專注於更關鍵的安全任務。

從理論到企業實踐:iSIGN Password-less 的實現

要採納無密碼的未來,需要一個專為企業複雜性而設的解決方案。**Penta Security 的 iSIGN Password-less** 正是為彌補此差距而設計,能同時提供強化的安全性與無縫的用戶便利性。它不僅僅是移除作業系統的密碼,更深度整合了單一登入(Single Sign-On, SSO)功能。用戶只需一次簡單的設備登入,即可自動獲得授權,存取所有關鍵的業務平台,從協同作業軟件、ERP 到電子郵件。

此平台提供了企業精準地管理其安全環境所需的精細策略控制、整合式監控和異常偵測。憑藉全球安全認證(如通用標準 CC、優良軟件 GS)和穩健的加密模組,iSIGN Password-less 是一款為後密碼世界而設、企業就緒的解決方案。

無密碼驗證已不再是選項,而是安全與營運效率的新標準。

About Penta Security

Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.

As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

WAPPLES 連續第二年榮獲 2025 年國家服務獎

Penta Security 旗下 WAPPLES 慶祝 20 週年,並連續第二年榮獲國家服務大獎 

智慧型 WAAP 解決方案以其卓越的客戶滿意度和市場領導地位備受肯定,再次確立其在該獎項網絡安全類別中的唯一獲獎者地位。

Penta Security 的智慧型 WAAP(網站應用程式與 API 保護)解決方案 WAPPLES,再次於「2025 國家服務大獎」中獲得表彰,連續第二年榮獲「網絡安全解決方案」類別獎項。此項殊榮恰逢 WAPPLES 推出 20 週年,標誌著其在網站安全領域長達二十年的市場領導地位與創新歷程。

「國家服務大獎」旨在表彰獲得消費者卓越支持的機構,評選標準包括客戶滿意度、競爭優勢和服務管理等。「網絡安全」類別於 2024 年設立,WAPPLES 是該類別首屆且至今唯一的獲獎者。

自 2005 年推出以來,WAPPLES 已連續 17 年保持其在韓國市場排名第一的網站安全解決方案地位,並以其高偵測準確率和低誤報率而聞名。如今,它已是部署於全球 171 個國家的頂級 WAAP 解決方案,並作為 Cloudbric SECaaS 平台的核心引擎,保護著全球超過 70 萬個網絡業務。

Penta Security 的一位發言人表示:「在慶祝 WAPPLES 20 週年之際榮獲此獎項,對我們來說意義非凡。這印證了二十年來客戶對我們的信任,以及我們對創新的承諾。我們將繼續在此基礎上再接再厲,以提供最高水準的滿意度和安全性。」

About Penta Security

Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.

As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

加密是最後一道防線

超越合規:為何加密是現代網絡安全的終極答案 

近期 SK Telecom 的安全事件,嚴肅地提醒了我們網絡安全領域的一個基本真理:合規不等於安全。正如 Penta Security 的執行董事 Taejun Jung 所解釋,真正的資料保護需要一種主動積極的心態,將加密視為最終的防線,而非監管負擔。

在 SKT 的案例中,外洩的 USIM 資料並未被法律要求加密。然而,Jung 指出,當這些資料與其他資訊結合時,便能輕易地用於個人身份識別。這凸顯了「清單打勾式」安全方法的嚴重危險,以及為何企業必須主動擴大其加密範圍,超越最低的法律要求。

許多機構因擔心效能下降而對廣泛加密猶豫不決,但 Jung 認為這是一種誤解。他表示:「透過適當的系統優化,效能往往可以維持甚至提升。」並將加密重新定義為「一種保險,而非成本。」

展望未來,安全格局將由「連接性」所定義,這得益於人工智慧、自動駕駛、物聯網和雲端的推動。Jung 預測:「因此,透過加密來安全保護互聯數據的重要性只會日益增長。」這就是為何 Penta Security 積極研究同態加密和後量子密碼學等新一代技術的原因。

教訓很明確。在一個威脅不斷演變的世界裡,邊界防禦終將被攻破。Jung 的最終訊息呼籲一次典範轉移:「終究,加密是最後一道防線……加密就是答案。」

About Penta Security

Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.

As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Penta Security 將適用於 AWS WAF 的 Cloudbric 受管規則擴展至兩個新地區

Penta Security 於 GISEC 2025 展示領先數據安全解決方案,進軍蓬勃發展的中東市場 

Penta Security 已成功結束其在 GISEC 2025 的參展活動,該展覽是中東及非洲地區規模最大的網路安全展覽會,此舉突顯了公司對此快速增長地區的策略性重視。在杜拜舉行的這次活動,隨著市場對先進安全解決方案的需求急增,為我們提供了一個與合作夥伴和客戶交流的寶貴機會。

中東的安全市場正經歷強勁增長,預計年增長率為 9.6%。這得益於廣泛的數碼轉型、智慧城市計畫,以及如阿拉伯聯合大公國《個人資料保護法》(PDPL)等日益嚴格的資料保護法規所推動。

展覽期間,Penta Security 與超過 25,000 名安全專家交流,展示了其為應對區域挑戰而設計的企業級解決方案組合:

  • D.AMO:用於資料加密的全方位密碼學平台。
  • WAPPLES:一款智慧型網站應用程式與 API 保護(WAAP)解決方案。
  • Cloudbric WAF+:韓國首個用於網站保護的安全即服務(SECaaS)產品。

本次活動的一個主要收穫是,區內的銀行、政府機構和企業對 Penta Security 的 D.AMO 加密平台表現出濃厚興趣。此需求與該地區各國實施 GDPR 級別的資料保護法規直接相關,使得資料安全成為首要任務。

在與具潛力的合作夥伴及客戶進行了成功的會談後,Penta Security 已準備好迅速擴大其在中東和非洲網絡安全市場的業務版圖,繼續其在全球範圍內提供值得信賴的安全解決方案的使命。

About Penta Security

Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.

As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Cloudbric 在快速成長的 SaaS 市場中

SaaS 革命:雲端解決方案如何成為現代企業的基石 

全球向軟件即服務(SaaS)的轉變已是不可否認的趨勢,其市場正以驚人的速度增長。僅在韓國,今年的市場規模預計將超過 2.5 兆韓元。這不僅僅是一種趨勢,更是企業營運方式的根本性變革,其背後的驅動力,是在後疫情時代的數碼轉型世界中,對敏捷性和效率的需求。

SaaS 的吸引力在於其相較於傳統本地部署軟件的內在優勢。它免除了龐大的前期硬件成本,提供可預測的訂閱制定價,並具備無與倫比的可擴展性。對企業而言,這意味著可以根據需求自由擴展或縮減服務,同時也將 IT 團隊從手動軟件更新和維護的負擔中解放出來。

開創安全即服務的先河:Cloudbric 的故事 Penta Security 很早就意識到此潛力。2015 年,當 SaaS 模式在韓國尚在起步階段時,我們便推出了全國首個安全即服務(SECaaS)平台 Cloudbric。今年,在我們慶祝其 10 週年之際,Cloudbric 已從單一的網站安全解決方案,發展成為一個全面的安全平台。

此模式的力量在 Cloudbric 的成長中有目共睹。如今,它已獲得全球 171 個國家、超過 1,100 家企業客戶的信賴,提供一套穩健的解決方案組合,包括網站應用程式防火牆(WAF)、零信任網絡存取(ZTNA)和網絡威脅情資平台 —— 所有服務都無需安裝硬件,可完全在網上存取。

隨著數碼轉型的持續加速,SaaS 模式已不再是替代方案,而是標準配備。作為 SaaS 安全領域的先驅,Penta Security 及 Cloudbric 平台處於絕佳位置,能幫助企業安全且高效地駕馭這個新格局。

About Penta Security

Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.

As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×