What The Ashley Madison Leak Taught Us About Security
 

This last Tuesday, more than 32 million people had their personal information and private profiles leaked online by a group of hackers. The victims were registered users of Ashley Madison, a dating website for men and women seeking an affair.

The hackers call themselves “The Impact Team” and posted the information to the deep web, a hidden corner of the Internet unindexed by search engines. The information dates back to 2007 and includes millions of real names, physical addresses, phone numbers, credit card transactions and secret fantasies.

Last month, The Impact Team gave Ashley Madison an ultimatum: take down the website or risk having their users’ data exposed. With close to 40 million active users prior to the data breach, shutting down evidently wasn’t an option for the dating site.

The hackers didn’t back down. They wrote that Ashley Madison charged users a $19 fee to have their profiles and data permanently erased, but never actually deleted it. The Impact Team was unapologetic in leaking the information, and some are even praising the group for acting as a crusader against infidelity.

Others are expressing their concerns about online privacy. Affected users paid Ashley Madison to keep their affairs private – but now face ruined relationships, losing their jobs, and even blackmail. They may have signed up for reasons many don’t agree with, but humiliating them publicly in this manner is like bringing back the stockades.

As AWL writer John Herrman pointed out:

“It’s easy to kid about the fact that these people were using a site intended to help them cheat. But if understood in more abstract terms, this hack has the potential to alter anyone’s relationship with the devices and apps and services they use every day.

Here were millions of people expecting the highest level of privacy that the commercial web could offer… it’s a powerful reminder of the impossibility of perfect privacy.”

Over the past year we’ve seen major data breaches of companies including Target, Sony, and many others shown here in an interactive graphic. The reality of the situation is that no one is fully protected against hackers exposing private information.

The New York Times reported that last year, nearly half of American adults had their personal information exposed to hackers. Security breaches are becoming so common the NYT even published this questionnaire where you can figure out how many times your information has been exposed to hackers in recent years.

Cybersecurity measures need to be greater from both the consumer and business perspective. As a consumer, here are some lessons learned from the Ashley Madison hack that you can use to protect yourself online.

Be Wary of Where You Use Your Credit Cards

credit-card-online-security

The biggest mistake Ashley Madison customers made? Using their credit cards.

Credit cards carry a lot of personal information, that’s how hackers were able to dig up the majority of the data that was leaked. Every time you use your card online, your transaction and personal information is stored on a database.

Not all sites use encryption with SSL, which allows sensitive information like credit card numbers to be transmitted securely. When you make online purchases, always make sure the site has a lock symbol and https in the URL because this signals a secure connection.

Hackers can still reach the information stored on companies’ databases, which is what ended up happening with Ashley Madison. The Verge writer Russell Brandom believes that storing customer data is often a liability rather than an asset:

“Why did the site keep users’ real names and addresses on file? It’s a standard practice, sure, and it certainly makes billing easier – but now that Ashley Madison has been breached, it’s hard to think the benefits outweighed the risk.” 

Businesses need to find more secure ways of storing customers’ information, or security breaches will become even more common than they are now. When making purchases online, you can use a prepaid debit card on sites you don’t trust to prevent your personal information from becoming public.

Take Extra Steps To Protect Your Personal Information

google-two-step-verification

Sites like Google, Facebook, Apple, and others offer 2-step verification, which gives your information another layer of protection. When you log in to that site from a computer for the first time, a text will be sent to your phone with a code you can use to log in.

You can choose to not repeat the 2-step verification process after you’ve logged in to a computer you trust. If someone tries to access your account from another device, 2-step verification will still be required and your account is protected.

Though it takes extra time, it’s worth taking every step you can to protect your personal information from hackers. All it takes for someone to steal your password is a single click on a bad link or even using the same password on multiple sites.

Install antivirus software on your computer that lets you know if the sites you browse and the files you download are secure. There are free antivirus programs that exist like Malwarebytes that you can use to periodically scan your computer for threats you may not even know were there.

Know That Everything You Say and Do Is Public Online

facebook-laptop-security

Even the most secure websites can get hacked. As the Ashley Madison hackers just proved, privacy on the internet these days is becoming an illusion. As this article illustrates, all data has the potential to go mainstream one day.

Keep your social profiles private if you have any revealing information displayed – even your hometown can be used to break in to a person’s bank account Monitor your credit score and bank account transactions frequently if you make purchases online.

Also keep in mind that nothing is ever completely erased online. If you pay a site, like Ashley Madison for example, to wipe your data there is no way of proving that it’s actually gone. Even though it doesn’t show up on a quick search, it could still exist in that site’s backroom and be exposed to hackers.

Be careful about what you post online and understand how the sites you browse can use your information.

Have you or anyone you know ever been a victim of an online data breach? Let us know in the comments and thank you for reading!

*Note: We take information security seriously at NetHosting.  Our data center is 100% PCI compliant to provide the highest level of network security. You can read more about our security policies and data center here

what-is-pci-compliance

2 Comments

  1. Ashton August 21, 2015
    Reply

    Great write-up on security essentials on the web! Is it true that the hackers were originally demanding that the site be taken offline, though? My understanding was that they wanted the site to revoke certain practices that were unethical (even within the context of a dating site for adultery).

  2. KresLynn Ellsworth August 21, 2015
    Reply

    Hey Ashton! Thanks for your comment. I believe that was and still is the demand of the hackers, I read that here: http://time.com/4002647/ashley-madison-hackers-data-released-impact-team/. In their initial threat, they wrote: “Shutting down Ashley Madison will cost you, but non-compliance will cost you more.”

Leave a comment

Please fill out CAPTCHA * Time limit is exhausted. Please reload CAPTCHA.

*