Another Data Breach – Ashley Madison
Here at Homecybersifu, we are all about helping protect families from cyber crimes and cyber threats, especially with respect to what to do if you are compromised because of a company’s data breach. I discussed a couple of breaches in my last blog posts, in particular the Government Office of Personnel Management (OPM) and the LastPass Breach. Well, news just came out today of another breach, which we hope doesn’t affect too much of our reader base. But given that this breach affects 37 million members of that site, and mostly from the US and Canada, there’s a good probability that some of our readers might be concerned.
What site am I referring to? Brian Krebs, the security journalist and blogger than I follow daily, was the first to report that the Ashley Madison website was hit by hackers. Now for some of you who don’t know, Ashley Madison is a dating website in the likes of Match.com, E-Harmony, and Plenty of Fish, but the unique difference about this website is that is caters to helping married people cheat. Ashley Madison’s slogan is “Life is short. Have an affair”. And, with 37 million members to the site, it’s no wonder the divorce rate in the US is 50%. No wonder this cyber breach is pretty much front page story for many of the main news publications today.
So, what is the difference between this data breach and all the others? Well, obviously people who are cheating and having affairs would not like this information to go public because it can have grave consequences to their careers and their families. The hackers know this and they are threatening to release information about millions of customers. If you are a member of Ashley Madison, you don’t have to worry yet, as so far it isn’t easy to find the exposed cheaters online. But, if the hackers ever decide to publish the cache of information on a public website, then beware. Avid Life Media, the parent company for Ashley Madison, stated that they paid a top security team and have successfully removed all posts by the hackers that contained user data. But in all reality, if the information is put out there, I am sure some cyber criminals will recognize the value of the data and will download it to their own servers for possible use down the road.
Now from my understanding, this may be some form of cyber activism against the morality of married people having affairs and having a website that caters to that. Brian Krebs reported that hackers posted some data and were threatening to release all of Ashley Madison’s customer records if the website isn’t shut down. Cyber criminals are probably chomping at the bit to gain access to this information as it would provide a means for use in blackmail schemes. The hacker group, who call themselves the “Impact Team”, has threatened to “release customer records, including profiles with all the customer’s secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails”.
Whoever hacked into Ashley Madison appears to be upset over what the company advertises as a “full delete” service. For this service, if you pay a $19 fee they promise to completely erase a user’s profile and all of its associated data. Obviously, if you are/were a member, $19 would be a very minor fee which most would be more than willing to pay to have their tracks covered so no one can associate them with the website. Supposedly, Avid Life Media generated $1.7 million in revenue in 2014. The hackers claim that the “full delete” service that is being offered is a complete lie. The company may delete your profile completely from their servers. But, given that you most likely always pay for this service with a credit card, and therefore provide real names and addresses for the transaction, this is the most important information people would want removed. The hackers claim that these purchase details are not removed as promised, and this is the information they are threatening to release.
Back in March, another adult matchmaking website, Adult Friendfinder, had 3.5 million of its members compromised. Adult Friendfinder, claims to have “helped millions of people find traditional partners, swinger groups, threesomes, and a variety of other alternative partners. This included information on member’s sexual preferences, fetishes, and secrets which were exposed. Adult Friendfinder claims a membership of 64 million, so if you were a member of that site you have a 5.5% chance that your sexual secrets were compromised. CnnMoney has a good article titled “Adult dating site hack exposes sexual secret to millions” on how people were being blackmailed from this hack.
Now, we here at Homecybersifu are not the moral police, but obviously our first recommendation to minimize such threats would be to not subscribe to any of these adult sites. In cybersecurity, we conduct risk assessments based on the value of our information and the possibility of that data being hacked. My risk assessments would conclude that signing up and visiting many of these adult sites are high risk actions which is why we recommend not subscribing to these sites. The data that these websites collect are definitely high value targets for cyber hackers and is more likely targeted because of this reason.
But everyone’s risk assessment is different when determining whether they want to sign up for any of these sites or not. If you have a significant other, the impact of being associated with these adult sites to your family could be pretty severe if your membership is exposed. The risk to your family is most likely lesser if you are single and not in a relationship. The risk that your personal computer or laptop can be easily corrupted with malware and viruses when you visit other adult sites is greater than not visiting these sites.
If you do decide to visit and sign up for adult sites, good cyber security practices are imperative, such as backing up your computer in case you are compromised, having the necessary antivirus and firewall running, not going to sites which are not reputable or well known, and using different passwords for each account in case your login credentials are compromised. I would recommend you use a credit card that isn’t used you’re your general everyday credit card use. It would be easy to cancel the credit card if the adult site you are using it on is compromised. Now, there is no getting away from having your name and address associated with an adult website if you sign up for membership with a credit card. Unless, you are breaking the law and using someone else’s credit card to sign up. Or maybe you have a good single friend who will make payment on a membership for you. But he or she better be a trusted friend or else they could also use this to blackmail you too. I also recommend definitely use a different email address and a different password for the adult website account just in case it becomes compromised.
Now if you are a teenager or minor reading this blog post, our advice is flat out don’t even visit these sites. No good can come from visiting these sites if you are a minor. It’s probably illegal if you are able to sign up for these sites by some means if you are a minor. And this could also have ramifications when you start attending college or looking for a job.
I am sure adults will be adults and they have their own personal reasons for doing what they do. As I mentioned before, we here at Homecybersifu want to help protect every home user from cyber threats, cyber crimes, and data breaches. But always do your own risk assessment of what you are getting involved in and then take all the necessary cyber protections to minimize your chance of being compromised. Also, make sure you had a continuity of operation plan to ensure that you take steps to minimize the effect from the compromise and limit the damage. In this case, if you do have an Ashley Madison account, I would recommend cancelling your credit card you used to sign up, and changing your username and password to your account if possible.