Yesterday the news was made public that the website Ashley Madison had been hacked. This hack is interesting and notable on multiple levels. I do not condone what the website does; in fact I oppose what they do and stand for on moral and theological grounds.
However, the hack is interesting, at least to me, for what the hackers are demanding and its wider impact on society.
First, the hack was first reported by [Krebs on Security] which goes into some level of detail with typical denials and promises of investigations and we’re doing all we can language from the C suite. Avid Life Media, the company that owns the website is issuing DMCA takedown notices like crazy according to technology media.
The Krebs article notes that 37 million accounts were compromised, and based on the article the compromise looks to be pretty deep.
> “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with *over 37 million members*, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”
The hacker group calls itself “The Impact Group”, and whether or not they will continue to release information is unknown.
Ashley Madison charges customers $19 to “delete” your account data. The problem according to the hackers is that the data is not actually deleted.
Arstechnica did a pretty detailed look at this method of charging to delete your data and [recently summarized] the findings.
Now to the issues this ultimately raises for society and culture.
The hacking group demands that Avid Life Media take the website offline along with some others it owns. At first, this seems to be a good thing on moral grounds, but as you read the Krebs article it is learned that the reason for the demand is because ALM lied about deleting the profiles of its users.
This now makes the case more extortion than a stand on the moral high ground.
Next, and probably the most important thing to take from this most recent data breach is that no company, no matter how big or extensive its security systems are is able to keep the hackers at bay.
Consider each of the sites you are apart of right now. At some point, maybe tomorrow, maybe next month, maybe five years from now, that site will be compromised. Web security is just like airport or border security.
A website owner or server administrator has to be right 100 out of 100 times. It only takes one mistake, one error, one slip up in the code and the hacker can get through.
On many of the sites I manage and operate I run a security program. Attempts are made at least 50 times per day to compromise those sites.
Starting today evaluate your website usage and memberships. Update your security questions, change your password, use a [secure password manager] and be vigilant about your personal information.