Dating site hackers
The extramarital-affair online dating website Ashley Madison has been hacked, and the hacking group taking credit has threatened to release full details for the site's subscribers, which reportedly number more than 37 million across 46 countries, unless the service shuts down.The breach is a reminder that hackers can potentially expose not only the information that people share, but also the identities of those with whom they've shared it."We are working with law enforcement agencies, which are investigating this criminal act." But later on July 20, cybersecurity expert Alan Woodward reported that the Ashley Madison website appeared to only be intermittently online, apparently after coming under sustained distributed denial-of-service attacks, although no one immediately claimed credit for any such disruption.The apparent Avid Life Media hack attack comes just two months after a hack attack against a similar hookup site, Adultfriendfinder.com, which bills itself as being a "thriving sex community" (see Dating Website Breach Spills Secrets)."While we acknowledge the data breach, but only a small number of users were affected," said Anton, an employee at the dating site, who did not provide his last name in his email."The data leak was from one of our test databases, the majority of data were dummy data and were randomly generated, and the vulnerability was immediately remediated," he added.See Also: How to Scale Your Vendor Risk Management Program A hacking outfit billing itself as "The Impact Team" has threatened to release "all customer information databases, source code repositories, financial records, emails" tied to Ashley Madison.
If the database was compromised by a malicious actor, it would require no effort on their part to take over their account by simply logging in as that user.It should go without saying: change your passwords.And, don't use low-grade dating sites that don't care about your privacy.When asked about these discrepancies, Anton did not respond to a follow-up email.
Not everyone on the site was there to look for a fling or an affair, but this incident hardly inspires confidence in the online dating scene -- particularly given the damaging Ashley Madison affair (no pun intended) -- which embarrassed thousands and broke up families.
Even if the data was left online for a few hours, a leak is a leak.