An affair to remember: The Ashley Madison breach
Blog Post
There have been so many data breaches, it takes a lot to garner much attention. Well, ever since large caches of stolen data from online cheating site Ashley Madison started popping up online by The Impact Team, an individual or group of hackers who compromised the company’s user databases, financial records, and other proprietary information, this breach is sure to be one that gets people talking… in one way or another.
While the full scope of this breach is unknown, including the full scope of the information compromised and why, one thing appears clear: for the 37 million users of AshleyMadison.com, the marital affair hookup website whose slogan is “Life is short. Have an affair,” and caters to men and women looking for “discreet encounters,” these encounters look to be affairs anything but discreet, but ones to remember!
The data released thus far includes sensitive internal data stolen from Avid Life Media, the foreign-based firm that owns Ashley Madison, as well as other hookup sites such as Cougar Life and Established Men.
For users of the site, The Impact Team said they will release real names, credit-card details, and secret sexual-fantasy information on millions of users, unless their demands are met. They justified their actions saying it was a response to the company’s misleading profile-delete policies.
Specifically, in a manifesto posted alongside some of the stolen data, The Impact Team said the hack took place in response to Ashley Madison's profile erasure system. The system promised users that if they pay $19, they can completely remove their account details and, therefore, have complete anonymity. But, according to The Impact Team, the full delete feature does not actually work, and they are intent on proving it.
This breach comes less than two months after cyber intruders leaked online user data from AdultFriendFinder, another online hookup site, which exposed personal information of about almost 4 million members.
The key takeaway from this breach is that, at this point, no online website can offer its users full anonymity or protection. As such, users beware – you play, you pay. As for companies offering discretion or anonymity, be careful what you promise: you may be writing a check your IT department cannot cash… or, in this case, cache.
While the full scope of this breach is unknown, including the full scope of the information compromised and why, one thing appears clear: for the 37 million users of AshleyMadison.com, the marital affair hookup website whose slogan is “Life is short. Have an affair,” and caters to men and women looking for “discreet encounters,” these encounters look to be affairs anything but discreet, but ones to remember!
The data released thus far includes sensitive internal data stolen from Avid Life Media, the foreign-based firm that owns Ashley Madison, as well as other hookup sites such as Cougar Life and Established Men.
For users of the site, The Impact Team said they will release real names, credit-card details, and secret sexual-fantasy information on millions of users, unless their demands are met. They justified their actions saying it was a response to the company’s misleading profile-delete policies.
Specifically, in a manifesto posted alongside some of the stolen data, The Impact Team said the hack took place in response to Ashley Madison's profile erasure system. The system promised users that if they pay $19, they can completely remove their account details and, therefore, have complete anonymity. But, according to The Impact Team, the full delete feature does not actually work, and they are intent on proving it.
This breach comes less than two months after cyber intruders leaked online user data from AdultFriendFinder, another online hookup site, which exposed personal information of about almost 4 million members.
The key takeaway from this breach is that, at this point, no online website can offer its users full anonymity or protection. As such, users beware – you play, you pay. As for companies offering discretion or anonymity, be careful what you promise: you may be writing a check your IT department cannot cash… or, in this case, cache.