Practically every day we read about a major new data breach. Nothing seems safe – banks, retailers, even the government have been hacked, exposing our personal information.
Many people think the worst thing that could happen data security-wise would be for hackers to get into their bank account. But a lot of people – 37 million of them, plus a small group of executives – have something else to worry about.
Ashley Madison is a website for cheaters. The site’s tagline is “life is short, have an affair.” The company claims to be “the most recognized and reputable married dating company.” According to the site, “thousands of cheating wives and cheating husbands sign up every day looking for an affair. “
The company claims to have 37 million registered users. Those registered users now have to worry about the potential fallout that could come from having their names and addresses publicly revealed.
In the normal course of business when someone deletes an account the business retains information on the customer. Understanding that some people might not want a record to exist that they were users of the Ashley Madison website, the company offered a “full delete” option. In exchange for a $19 fee the company claimed it would remove all personal information about a person from their records.
Some hackers said it was impossible, and set out to prove the company wrong by hacking into the company servers. The hackers claim they have credit card data on all users of the site, including those who chose the “full delete” option. They further claim they can match up the credit card data with names and addresses, exposing everyone whoever used the site.
To prove their point the hackers have already released personal data on two people, one in Canada, and one in Brockton, MA. WBZ-TV in Boston said the data revealed about the Brockton man was very personal, including details such as
His user ID is “Heavy73; he listed himself as “married/attached”; he joined the site the day after Valentine’s Day, 2014; he likes “cuddling & hugging” and is into “discretion & secrecy.”
The hackers’ moralistic goal is to force Avid Life Media, the owners of the “sinful” site, to shut it down. In a manifesto they posted online they said Avid Life Media
has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.
It seems unlikely that the management of Avid Life Media will simply cave in to the hackers’ demands. The company reported revenue last year of $115 million, and claims to be ”very profitable.” One immediate impact of the hack: the company will likely have to shelve its plans for an initial public offering, at least for a while.
The impact of this hack goes beyond financial. As a commentator on CNBC said,
Should the Ashley Madison hackers reveal the names and personal details of its clients, it will be a busy summer for therapists, head-hunters and most of all, divorce attorneys.
As we implied in the title of this blog, there are some things that could be worse than getting your bank account hacked into. Especially since if your bank account is hacked into, you’re not responsible for any losses, your bank is. What’s at stake here is more than money: it’s people’s reputations, and as Shakespeare has Iago say in Othello,
Who steals my purse steals trash; ’tis something, nothing;
‘Twas mine, ’tis his, and has been slave to thousands;
But he that filches from me my good name
Robs me of that which not enriches him,
And makes me poor indeed.
Instead of continuing to play technological cat and mouse with cyber thieves, it’s time for a paradigm shift to a different way of securing data: PACid’s Bolt-On Strong Security would get rid of all the current data security vulnerabilities.