Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Ashley Madison Dating Site Members Face Multiple Security Threats

    By
    Wayne Rash
    -
    July 21, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Ashley Madison Breach 2

      No doubt the revelation of a data breach at the online dating site, Ashley Madison has 37 million people looking over their shoulder about now.

      Unlike some dating sites where singles are put in touch with each other, Ashley Madison exists to facilitate affairs between people who are already attached to someone else. The site’s motto, “Life is short. Have an affair,” explains it all.

      While the Ashley Madison breach is hardly the first dating site to be breached, it has significant potential to cause damage that goes far beyond some stolen credit card numbers, although that risk exists.

      The people who did the hacking, a shadowy bunch called the Impact Team, are threatening to expose all of the information they stole from the site, including names and contact information, but also including credit card numbers, compromising photos, and detailed preferences that most people would prefer not to be made public.

      At least some of this information has been posted publicly, according to security researcher and blogger Brian Krebs, who first reported the breach. Unlike most breaches where the goal is money, the Impact Team is demanding that Ashley Madison shut down the site and other similar companion sites.

      But the group is also promising to expose the complete contents of the databases belonging to Avid Life Media which owns Ashley Madison, and its companion sites, Cougar Life and Established Men.

      ALM reported the breach on its website, and has since updated its statements to say that it has used the provisions of the Digital Millennium Copyright Act to remove the posts related to the incident and to remove the information that was posted online.

      Considering that both ALM and the Ashley Madison site are located in Toronto, Ontario, it’s unclear how the company was using a U.S. law in Canada. The company has not responded to questions from eWEEK regarding this point.

      However, the company did respond to an email about the incident saying that reports about the material that was breached were incorrect. According to spokesman Andrew Ricci, who responded to eWEEK by email, assertions that ALM did not actually remove user data from their servers even when they were paid to do so were wrong. In addition, ALM is offering the full deletion option to its customers for free. The service, which the spokesman referred to as a hard delete, was previously a paid service.

      However, the spokesman was unable to confirm whether ALM was offering any sort of credit monitoring, despite the exposure of credit card numbers and other personally identifiable information.

      Ashley Madison Dating Site Members Face Multiple Security Threats

      According to Krebs and others, the breach may have been the result of a leak by a former employee or by a disgruntled employee who provided the access data to The Impact Team or who was part of the hacking team.

      As unfortunate as the Ashley Madison breach might be for the people who had signed up for the service, the potential danger goes far beyond their potential credit card numbers or personal embarrassment.

      While the initial public exposure of the data was limited and apparently brief, it was not a secret. Worse, if the information is ultimately made available in public, it will become a treasure trove for cyber-criminals.

      But the real risk goes even beyond that. Consider that 37 million people is about one fifth of the U.S. adult population between 25 and 65, an age group that represents the bulk of the Ashley Madison population.

      The potential overlap between this huge group of people and the personal information contained in other breaches, notably the breach of the U.S. Office of Personnel Management databases that took place earlier this year is unclear. But the fact is that there will be some people who appear on both lists.

      While the overlap may not be large, if only because people in the OPM breach with high security clearances are less likely to be ALM customers because of the nature of their background checks, statistically the likelihood is that there will be overlap.

      Now, imagine that you’re the state-sponsored hacking group that ended up with the data from OPM. What better way to come up with a short list of people that you will try to blackmail?

      It won’t be a total success because there will be some who have resolved their need to have affairs by becoming single. But there will also be those who will do anything to prevent their spouses from finding out that they were on the list, never mind the preferences and photos.

      And therein lies the lurking security problem of websites where someone else controls your data. It’s bad enough when the bank or your favorite department store loses your credit card numbers. But the security problem created by data that’s very personal getting out is orders of magnitude worse.

      Worse, there’s no good way to resolve a problem like this, short of avoiding this kind of dating site. Perhaps the best way to approach this sort of problem is to only share personal information that you don’t mind if it’s released in the public domain.

      Avatar
      Wayne Rash
      Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and is Senior Columnist for eWEEK. He is the author of five books, including his most recent, "Politics on the Nets". Rash is a former Executive Editor of eWEEK and Ziff Davis Enterprise, and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center, and Editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×