Ashley Madison -- Can it possibly get any worse? (tl;dr: YES)

Vote now: Tweet <a href="" target="_blank">@RiCHi</a>

The Ashley Madison hack continues to make headlines. Naturally, that's because the news keeps getting worse.

Worse for website owners Avid Media Group. But worse for the real victims, more importantly -- the people named in the hacked data dump.

Prurient interest notwithstanding, there's still plenty to say about this uncomfortable event. And no shortage of intelligent commentators to say it. (And then there's John McAfee.)

In IT Blogwatch, bloggers furiously smh.

curated these bloggy bits for your entertainment.

As usual, Brian Krebs cycles in to drop this bomb:

Late last week, the Impact Team...released a 30-gigabyte archive that it said were emails lifted from AshleyMadison CEO Noel Biderman. [It alleges that] Raja Bhatia, the founding [CTO] hacked another dating website, exfiltrating their entire user database. ... “I got their entire user base,” Bhatia told Biderman.

As bad as this breach has been for AshleyMadison and its millions of users, it’s likely nowhere near over: Hackers...have just released a “selected dox” archive...including a 100-page movie script co-written by Biderman called “In Bed With Ashley Madison,”...a scan of the CEO’s drivers licence, copies of personal checks, bank account numbers, home address, and his income statements. ... Leaving aside the proliferation of sites that now allow suspicious spouses to search for their significant other’s email address...some users are finding themselves on the receiving end of online extortion attacks. Worse still, [there are] two unconfirmed reports of suicides.

Neither Bhatia nor Biderman could be immediately reached for comment.  MORE

Troy Hunt hears from "hundreds" of AM members:

I was being inundated with email...not just asking questions, but often giving me their life stories. [They] shed a very interesting light on the incident...that doesn’t come across in the sensationalist news stories.

One of the things that struck me most about the entire incident [is] the very poor communication from Avid Life. ... There has been no direct communication with members that I’m aware. [It's] if they’ve just stuck their fingers in their ears and sung “lalalalalala.” [They] solely focussed on no financial data being compromised. Do they really think that after the most intimate, private aspect of people’s lives has been put on public display that a credit what they’re worried about?!

I want to illustrate how important it is not to immediately assume that everyone on the site is cheating on their partner. [Don't] immediately make assumptions just because someone’s email address was on the site. ... Let us not confuse that with the issue of adultery. ... Many people were indeed just curious [but] extramarital affairs tear families apart. [Nevertheless] you can’t escape the human tragedy that this data breach has brought to a head.

This incident needs to be approached with the understanding that for many people, this is the worst time of their life and for some, it feels like the end of it.  MORE

David Kravets sounds sympathetic to Shakespeare's Dick The Butcher:

It's a safe bet that a ton of divorce lawyers and child custody lawyers have already made gobs of cash.

Now another breed of attorney is entering the scene in anticipation of capitalizing on the feeding frenzy. ... Class-action attorneys are currently following the...blood trail in hopes of winning a monetary payday for themselves and the site's millions of members.

The elephant in the room here is how much traction a lawsuit...would get. Ashley Madison site members who sought damages...would have to expose themselves as being one of the site's 39 million account holders. ... A jury might not be so sympathetic to Ashley Madison users' claims that being outed caused them humiliation.

Traditionally, data breach cases have largely ended...with big payouts to plaintiffs lawyers while the victims...get little, if anything.  MORE

And Kristen V. Brown alleges another class of people "cashing in":

Steve was desperate for a way to keep his information from spreading...and didn’t want his wife to find out. A few days after the leak, he received an e-mail from a company named Trustify...letting him know that someone had used the tool to search his e-mail address [and] offered to help him hide the exposed data [for] $67 an hour.

We reached out to Trustify for information on how exactly the company plans to help victims. ... Trustify readily admits that it can’t really help anyone hide what’s already out there. “We are in the business of helping customers find the truth, we aren’t in the business of modifying the truth.”

It seems more like cashing in. ... Trustify readily admits that because of the hack, business is booming. ... All Trustify is doing is providing people access to information that’s already public, for a fee, while advertising itself as a solution.  MORE

Meanwhile, John McAfee (yes, that John McAfee) alleges another allegation:

Ashley Madison was not hacked - the data was stolen by a woman operating on her own who worked for Avid Life. ... It was an inside job.

I gleaned this information from reliable sources within the Dark Web. ... Any adept social engineer would have easily seen this. ... It was clear that the perpetrator had intimate knowledge of the technology stack of the company.

It seems, without a shadow of doubt, to be an open and shut case.  MORE

But rhtimsr1970 ain't so sure:

McAfee's findings are based on his own personal whims for which there are many easy rebuttals.

McAfee is rushing to conclusions. ... I'm not sure why I never bother reading his lunacy anymore.  MORE

And dakdestructo agrees:

Read like satire, having no knowledge of this guy beforehand. His reasoning for the perpetrator being a woman seems pretty thin.

He has to brag about himself before giving the evidence just to cover up how ****** it is. "Trust me bro I'm 100% right you don't need to know why but I guess you can read it if you need to."  MORE

You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitycloud security

More about AvidClassindeed

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Richi Jennings

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place