#CyberFLASH: Buyer Beware . . . Lessons Learned From The Ashley Madison Hack

“Life is short. Have an affair®.” This is the (in)famous marketing slogan used by Ashley Madison, a Canadian web site founded in 2008 and operated by Avid Life Media Inc. with the explicit mission statement of helping married individuals chat, connect and ultimately have affairs with one another. The site assured users that use of its services would be “anonymous” and “100 per cent discreet,” but, unfortunately, this was not to be the case.

Between July 15 and Aug. 20, 2015, a person/group identifying itself as “The Impact Team” hacked ALM and published details, initially on the Darkweb and eventually on the open web, of approximately 36 million user accounts. Leaked data included profile information (user names, addresses, passwords, phone numbers, the types of experiences they were looking for on the site, gender, height, weight, ethnicity, body type); account information used to facilitate access to the Ashley Madison service (e-mail addresses, security questions, hashed passwords); and billing information (billing addresses and the last four digits of credit card numbers); in addition to ALM internal documents and the CEO’s private e-mail messages. User information was quickly disseminated through several public web sites. Despite the best efforts of ALM’s counsel to quickly shut down the spread of data using DMCA copyright notices after the material appeared on Twitter and other social media sites, the breached information continued to be publicly searchable.

The fallout was swift. Reports of suicides in Canada and the U.S., myriad job resignations and marital breakups surfaced, arising from the data exposure and related public shaming. In Alabama, editors at one newspaper decided to print all the names of people from the region who appeared on the Ashley Madison database. Scammers and extortionists have also targeted Ashley Madison’s users (and alleged users) on a global basis, falsely claiming they could remove a user’s information from published data or threatening to publicly shame users online unless they sent a ransom payoff in Bitcoins to the blackmailers. Malware may have also been delivered through web sites offering to scrub user information from stolen data lists.


#CyberFLASH: Ashley Madison could face class-action suit after massive data breach

Several high-profile hacks, including the recent attack against Ashley Madison, a website for people looking to have an affair, have raised questions about whether online activity is ever truly private.

Ashley Madison is built around the notion of safeguarding its users’ information — reflected in its signature image of a woman’s pursed lips making the ‘shh’ sign, seemingly meant to reassure would-be adulterers that their secrets are safe.

But now, hackers say 37 million accounts have been compromised.

The company’s owner, Toronto-based Avid Life Media, said Monday it has “always had the confidentiality of our customers’ information foremost in our minds” but was not able to assure its users that their information is safe.

A similar website, Adult FriendFinder, was also hacked in May.

‘Level of risk’

Is secret information online — from a sordid affair to an embarrassing Twilight fan-fiction blog — ever really secure?

Likely not, security and privacy experts say.

“What people should think about is just acceptable risk. Any time you’re using a computer or giving away information of any kind, there is the risk that can be misused,” says Andrew Hilts, executive director at Open Effect, a Canadian non-profit that does research on privacy and security.

“It comes down to what level of risk you’re comfortable with,” says Hilts.


#CyberFLASH: Hackers Threaten To Expose Ashley Madison Users If Site Not Shut Down

A group or person calling themselves The Impact Team has taken responsibility for the hack and says it will release the data if Ashley Madison and sister site EstablishedMen.com aren’t taken offline, according to cyber-security blog Krebs on Security.

“We will release all customer records, profiles with all the customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses,” the hackers wrote. “Avid Life Media will be liable for fraud and extreme harm to millions of users.”

The dating site has 37 million users.

Avid Life Media, which owns Toronto-based cheating site AshleyMadison.com, is apologizing for the invasion of its customers’ privacy, saying the confidentiality of the site’s users is a top priority.

The company says it has launched an investigation into the breach and employed a top IT security team to “take every possible step towards mitigating the attack.”

It says posts related to the hack, as well as all personally identifiable information about its users which was published online, have now been removed.

Avid Life Media also owns Cougarlife.com and Establishedmen.com. It says all its sites have now been secured, with all unauthorized access points closed.

But that won’t do much good in preventing the hackers from releasing the data they already have if they copied it over during the attack, technology analyst Rik Turner told Bloomberg.

“For Christ’s sake, if you’re going to cheat don’t do it online and leave yourself open,” Turner said. “Unless you’ve been living in a cave for the past few years and not reading a paper or receiving any TV signal, it should be obvious that everything is hackable.”


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.