MAJOR Data Breach at AshleyMadison.com
Although as stated on their website, Ashley Madison (owned and operated by Avid Life Media) is “the world’s leading married dating service for discreet encounters”, the users of the site have just found out their private data was not secure after all. Despite what your personal values make you feel about a website that profits from creating extra-marital affairs, the site clearly has a responsibility to protect the private information of its’ customer data. Based on news reports to-date, they failed miserably in that regard and now the results range from funny jokes on late night TV to much worse.
The hackers, who call themselves the Impact Team, have posted on the dark web for all to see, personal information including e-mail addresses and account details from 32 million of the site’s members. And it a lot of data… 10 MB compressed. The data includes 36 million e-mail addresses and over 10,000 from the govt domains alone! Before publishing the data, the Impact Team took the role of internet and blackmailed Avid Life Media in advance to take down the site, for two reasons:
- They criticized Ashley Madison’s core mission of arranging affairs between married individuals.
- They made Ashley Madison the poster child for questionable security promises with its requirement that users pay for the privilege of deleting all their data from the site, an never actually scrubbed the data.
According to a published statement by the hackers the security was surprisingly lackluster:
Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.
Clearly, the embarrassment of subscribers to have tough talks with their spouses will take place for months, but so much more is at stake from employment to lives. According to authorities involved there were at least 2 confirmed suicides as a result of the information leak. This teaches the holders of confidential data like Avid Life Media, that the information they are guardians of is much more valuable to protect than just bits and bytes.
But even more in store for Ashley Madison and Avid Life Media. There is no doubt that this incident will impact the subscriber base of the site and likely lead to multiple class action suits on behalf of those impacted.
The Response? Escalate!
Avid Life Media, is now offering a $500,000 Canadian ($377,000 U.S.) reward for information to help catch the hackers.