In what appears to be one of the more outrageous breaches of the past few weeks, Ashley Madison, an online network for married people looking to have affairs, was hacked, exposing some private data and putting its 37 million users at risk of exposure.
First reported by Krebs on Security, the breach was confirmed by the adult-oriented website late Sunday. Noel Biderman, CEO of Avid Life Media, the Toronto-based firm that owns AshleyMadison.com and several similar sites, revealed to Krebs that the firm is “working diligently and feverishly” to remove ALM’s intellectual property.
“We don’t deny this happened,” Biderman said. “Whether we like it or not, this is still a crime.”
The hackers, identified as the Impact Team, released what seemed to be random pieces of information on user accounts, in addition to internal data on Avid Life Media servers, employee salaries and network account information. Impact Team has demanded that Avid Life Media shut down Ashley Madison, along with another Avid Life Media site, Established Men, threatening otherwise to release all compromised data: profiles together with “all secret sexual fantasies and matching credit card transactions, names and real address, in addition to documents and employee emails.”
In a lengthy manifesto accompanying some of the compromised data, the hackers stated that Ashley Madison’s “full wipe” feature doesn’t delete user profiles as advertised, despite the company charging a fee for the profile deletion service. Citing lies told by Avid Life Media to its customers, the hackers stated that while the profile deletion feature promises “removal of site usage history and personally identifiable information from the site”, customer data remains intact and accessible internally to Avid Life Media.
The manifesto states, “Users almost always pay by credit card; their purchase details were not deleted as promised, and included their real name and address, which is of course the most important information a user would want deleted.”
Avid Life Media has released a statement apologizing to its customers for the “criminal and unprovoked intrusion” and said, “Currently, we have been able to secure our site, and close unauthorized access points. We cooperate with law enforcement agencies, who are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held accountable.”
Coming on the heels of the recent Adult FriendFinder hack, which exposed subscribers’ e-mail addresses, usernames, passwords, birthdays and zip codes, in addition to their sexual preferences, Ashley Madison’s exposure may prove to be a fatal blow to Avid Life Media’s initial public offering (IPO) plan. Compromised data that was leaked after the Adult FriendFinder hack led to customers being targeted on social media sites like Twitter. While there has been no disclosure of credit card data from the Adult FriendFinder breach, the same can’t be said for Avid Life Media yet.
The Ashley Madison breach is too recent to determine what the information loss might be, both for Avid Life Media and its customers. As embarrassing as the revealed information may be, perhaps there’s some hope that the cyber community can begin to understand that what they consider privacy and how companies protect that privacy are two totally different things. There’s nothing worse than the illusion of being protected from exposure.
In the 1998 film Enemy of the State, Thomas Reynolds, played by Jon Voight, says, “The only privacy you have left is the inside of your head.” That truth may be realized by some of the 37 million customers whose personal information and possible carelessness are now in the hands of entities that don’t have their best interests in mind.
Gabe Morales is Senior Security Manager for Accume Partners and has over 15 years of experience in IT Security. He specialises in vulnerability testing, social engineering, and security awareness training. He can be followed on Twitter @gmorales63. For more updates check Akum Blog. For questions or comments, please e-mail me at gmorales@accumepartners.com.