Internet cheating site Ashley Madison is making headlines this week across both mainstream and tech media for a data breach that could expose very intimate personal information for 37 million users. As with the AdultFriendFinder hack we reported on back in May, the potential damage to clients is significant. After all, Ashley Madison's slogan is "Life is short. Have an affair."
A hacking group known as The Impact Team also stole data from Ashley Madison's sister sites Cougar Life and Established Men. The group is threatening to release the entire stolen database if their parent company, Avid Life Media, doesn't shut down both Ashley Madison and Established Men. As Brian Krebs reported,
In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.
According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.
So that's the background for anyone who hasn't been listening to chuckled news reports or skimming headlines today. What's the real story? Well, for 37 million people, this story is real enough in and of itself. But there's more here than hacktivists and blackmail. Fundamentally, we need to shift the way we think about privacy and security on the Internet.
Some organizations take extraordinary measures to secure their data and their websites. They employ top-notch security pros, regularly test their defenses, and invest in best-of-breed hardware and software. Others, well, don't. As consumers, it's difficult to know who has their security ducks in a row and who is coming up short. Frankly, this isn't even easy in B2B settings where there is inherently more transparency and service providers are more likely to present security as a competitive advantage. Even the savviest of organizations, though, isn't immune to data breaches, sophisticated attacks, disgruntled employees, or that one staffer who falls victim to a spear phishing campaign.
So guess what? Whether it's through new revelations about government spying efforts or the latest hack, and whether the attacks are motivated by money, ideology, or espionage, the Internet is neither a terribly secure nor particularly private place to hang out. As Fortinet's vice president of engineering, Hemant Jain, pointed out earlier today, it wasn't designed with security in mind. So what do we do?
Never forget that our digital footprints are bigger than we think. The latest social network is one hack away from delivering your personal information to the highest bidder. Or one publicly posted screenshot away from a total lack of privacy. Just as trusted staffers can become disgruntled employees overnight, and friends can quickly become enemies, databases can easily wind up in the wrong hands.
That's the consumer side of this equation. The business side is that security is becoming a differentiator across the board. It already is a differentiator in many B2B settings, although many organizations are still scrambling to back up their claims of iron-clad security. But this is going to continue trickling down to consumers as well. At least, I hope it does. Bottom line, consumers beware. Your private online activities are rarely (if ever) as private as you think. And businesses, security needs to be job one, no matter what your line of work or who your customers are. Ashley Madison is just the latest warning shot from a cybercrime industry that is already incredibly powerful and sophisticated.