Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Member data pilfered, posted in apparent hacktivist-style doxing attack.
Call it hacktivism with a spin: a controversial website for people seeking others who want to have an affair was hacked and personal details of its members leaked online.
The CEO of Ashley Madison, a controversial website that facilitates adulterous affairs and hookups, confirmed to Krebs On Security that it was hacked and possibly by or with the help of an insider who is not an employee.
The attacker or attackers claiming responsibility call themselves The Impact Team, and said in an online statement that it grabbed data on all of the 37 million users of Ashley Madison and its sister sites Couger Life and Established Men. All three sites are owned by Avid Life Media (ALM).
The Impact Team reportedly dumped some 49 megabytes of information, including credit card information and internal ALM documents, with the promise of dumping all of the database if Ashley Madison's site isn't taken down.
The hackers said in their post with the stolen ALM information that the company's service offer for a "full delete" of user history and payment information is a farce, and that information is not "actually scrubbed," leaving real identities and addresses on the database, Krebs On Security reported.
"So here’s the the lesson for anyone creating accounts on websites: always assume the presence of your account is discoverable. It doesn’t take a data breach, sites will frequently tell you either directly or implicitly. Moral judgement about the nature of these sites aside, members are entitled to their privacy. If you want a presence on sites that you don’t want anyone else knowing about, use an email alias not traceable back to yourself or an entirely different account altogether," says security expert and Microsoft MVP for developer security Troy Hunt in his personal security blog.
Read more about the Ashley Madison breach here.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024