In an age where everyone wants to keep their private information…well…private, it seems strange that so many would place very personal details on websites which resemble gigantic emergency flares painting 50 foot “All your dox be here” messages in the sky. Sure enough, something like 34 million people may be waking up today to news of so-called “online cheating site” Ashley Madison being compromised, shortly before jumping on the next plane to [insert tropical paradise here].
The hackers, called The Impact Team, claim their issues with the website are based around charges to delete data. Asking users to pay for data deletion has been around for a while, in various forms – from revenge porn sites to pages which upload criminal “Mugshots” then ask you to pay to remove (often, you’ll find the mugshot simply pops up on a related site asking for more money). Whether there’s more to it than this, it’s too early to say but the hackers demand the site stays offline or customer data is going to start being leaked.
With so many decidedly juicy leaks happening in recent months – AdultFriendFinder and OPM, to name but two – it’s highly likely some are already cross referencing the data from all of the leaks to home in on attractive targets. We’ve already seen some of this taking place with the AFF / OPM hacks, but this new breach could take things to a whole new level of horrendously awkward blackmail shenanigans should the Ashley Madison data start hitting torrents. Of course, there’s the potential for phishing and social engineering attacks further down the line too.
All in all, not the best day for fans of good Opsec. There have been suggestions that users of the site should have faked their personal details on the site – fake name, address, photograph, personal details, one-time use email address and so on. However, given the aim of the site one imagines that users wouldn’t want lie-laden secret liasons starting out with even more lies.
Then again, maybe that would be a good thing and they should all take up a new hobby. Should the hackers release customer data, an awful lot of families are going to be hit hard by the revelations – and should it remain hidden from view, there’s a large slice of murky moral questions to be had. However you look at it, there’s no easy solution to this one and whatever status quo remains will be impacting many people – whether they know it or not.
For quite a lot of Ashley Madison account holders, that far flung tropical paradise is probably looking rather appealing at this point…