37 million people who signed up to a dating site that promised them discretion have found out that the hard way that nothing online is sacred. The 37 million individuals in question signed up to the ashleymadison.com, a website that claimed to specialize in providing an avenue for married individuals to engage in extra-marital affairs. Their major selling point being that no one would discover the infidelity because both parties have something to lose.
The Impact Team have claimed responsibility for the attack and posted some of the stolen information whilst calling for the parent company (Avid Life Media) to shutdown the website. Failure to comply with the demands of the hackers could see the full data dump of ashleymadison.com, including credit card details, real names, pictures and messages.
The threatened release of the information would expose ALM to legal action from users whose privacy it had promised to defend, the hackers claimed.
The hackers are said to have acted as punishment for ALM for ‘lying’ about its ‘full delete’ service, which charged a $19 fee for deleting not only users’ personal details, but also any messages and images sent to other members. The service, which the hackers claim is a sham, earned ALM $1.7m in revenue last year. ALM have offered to waive the account deletion charge since the hack. A reported $200m IPO has been called of as a result of the breach.
Some commentators have argued that customer data is often an liability instead of an asset. This seems to be ever so true when talking about sites that claim to offer discretion and privacy and thus leads to further questions. Why did Ashley Madison keep user data on file? What was the reason for keeping real names and addresses? Why were users not given the ability to communicate via pseudonyms?
This latest hack should act as (another) warning to anyone tempted to share 'secrets' online. No wesbite or server is completely secure, all systems are hackable. The Ashley Madison breach should also remind users of the importance of encryption - data encrypted with a single key can be deleted by destroying the key associated with it. This is much easier than finding every piece of data entered in order to wipe the slate.
0 comments:
Post a Comment