RPT-UPDATE 2-Hackers threaten to leak data of 37 million clients of cheating …

21 Jul 2015 | Author: | No comments yet »

Adultery website hacked, 37m cheaters feel the jitters.

NEW YORK (AP) — The parent company of Ashley Madison, a matchmaking website for cheating spouses, says it was hacked and that the personal information of some of its users was posted online. Have an affair,” goes the slogan of the website Ashley Madison, an online dating and social networking service that effectively encourages infidelity. A group calling itself the Impact Team appears to have compromised all the company’s data, and is threatening to release “all customer records, including profiles with all the customers’ secret sexual fantasies” if Ashley Madison and a sister site are not taken down.

They both steal information, but the good guys – the “white hats” – will do it to help pinpoint sites’ vulnerabilities so companies can reinforce weak spots. Million of adulterers could see their affairs shorted too, not speak of experiencing danger to life and limb itself from spouses, after hackers who stole 37 million personal records from the site threatened to release it if the website and its affiliates are not shut down. According to Krebs on Security, which first reported the breach Sunday, hackers have already published bits of the stolen data, including information on the site’s more than 37 million users.

Collecting and retaining user data is the norm in modern web businesses, and while it’s usually invisible, the result for Ashley Madison has been catastrophic. Toronto-based Avid Life Media Inc. says it has had the hackers’ posts — which included snippets of personal information — taken down and has hired a technology security firm. In hindsight, we can point to data that should have been anonymized or connections that should have been less accessible, but the biggest problem is deeper and more universal. If services want to offer genuine privacy, they have to break away from those practices, interrogating every element of their service as a potential security problem.

A bad day may be underestimating the potential impact. “You could really ruin someone’s life,” said Chase Cunningham, threat intelligence chief at cloud-computing company FireHost. “Without question, this is incredibly valuable information,” said J.J. Thompson, founder and chief executive of Rook Security, an IT security firm. “[Site users] are now vulnerable to a significant secret.” Even if the information is taken down quickly, it could easily be used as leverage not just for financial gain, but to influence decisions by any of those victims in positions of power, he said. The service was engineered and arranged like dozens of other modern web sites — and by following those rules, the company made a breach like this inevitable. Average consumers have marginally less to worry about. “Unless you’re a really high profile individual … it’s pretty unlikely that anyone is going to come and take the time and blackmail you because you used the site,” said Geoff Webb, senior director of solution strategy for security management firm NetIQ. “For an individual user, it’s embarrassment more than anything.” The bigger risk is that people those users know might search any public information dumps to see if they have friends, co-workers or spouses among the site users. “That would still be a very awkward conversation to have,” he said. The hacking follows the May breach of the dating website Adult FriendFinder, which involved the theft of names, email addresses and information about the sexual orientation or habits of up to 4 million of that site’s members.

Stressing the illegality of the hack, Paul Williams, chief technology officer of security consulting company White Badger Group, says neither hacker hat metaphor is wholly appropriate for committing an “ugly” act for a good reason. “This one is more like ‘hacktivism’ to me,” Mr. Noel Biderman, Ashley Madison’s CEO, confirmed the hack to Krebs, calling it ”a criminal act.” He said that the company was ”’working diligently and feverishly” to remove its customers’ data, some of which had already been leaked, from public view. Use of the site could also come back to hurt consumers in say, divorce or custody proceedings, said Thompson. “Everything is leverageable by the right person who is looking for the right thing,” he said. Ironically, Ashley Madison had boasted to reporters and bloggers only last year that its site was ”the last truly secure space on the Internet.” The latest leak comes only weeks after hackers stole and leaked online user data on millions of accounts from another hookup site called AdultFriendFinder.

Besides random personal data from members, the hackers also posted maps of the company’s internal servers, employee network account information, company bank account data and salary information, Krebs says. That was true long before the hack, and it was a serious data leak — but because it followed standard web practices, it slipped by mostly unnoticed. Wittkower, assistant professor of philosophy at Old Dominion University whose research involves the legal invocation of property rights to protect privacy, adds that since The Impact Team’s motivation is about morality – not aiding the company in boosting security or promoting criminal activity – even the more ambiguous “gray hat” label does not fit quite right.

Critics said its business model was ”built on the back of broken hearts, ruined marriages, and damaged families,” but the company argued that the affairs it instigated preserved many marriages. Instead, he says he favors ALM’s claim that the hack is an act of “cyber-terrorism.” The term, he says, “in some sense, seems way overblown, but as a factual description I think might be pretty accurate, because what they’re trying to do is to utilize fear in order to bring about a change in company policy.” “In this case, they want to stop the offering of these products,” Mr.

Consumers also tend to be focused on the financial repercussions, to the extent that in a recent MasterCard survey, 55 percent of people said they would rather have nude pictures of them leaked online than have their financial information stolen. Stolen information can be used in myriad ways, however—a health insurance hack might publicize health conditions or a stint in rehab, for example, while bank breaches could disclose how much credit card debt you have. “A lot of people are numb to the data breach stuff that’s happening, because it’s so regular,” said Cunningham. “But they’re not thinking about the implications of the data that’s being taken.” You find features that work on other sites and you copy them, giving developers a codebase to work from and users a head start in figuring out the site. They actually specifically identified a variety of properties and said, ‘these two should be shut down; the rest can stay up.’ So there’s a very specific political aim that seemed to be based in a moral judgment about those properties.

In a report called “Risky Business for AshleyMadison.com,” potential ALM investors were urged to take the AdultFriendFinder hack as a warning of the risks associated with a security violation. The worst practice of all was Ashley Madison’s “paid delete” service, which offered to take down user’s private data for $19 — a practice that now looks like extortion in the service of privacy.

Here you can write a commentary on the recording "RPT-UPDATE 2-Hackers threaten to leak data of 37 million clients of cheating …".

* Required fields
Our partners
Follow us
Contact us
Our contacts


ICQ: 423360519

About this site