
There’s this German word I love: Schadenfreude. It’s one of those weird words that doesn’t really have a direct English translation, but it roughly means taking joy at other people’s misfortune. It basically describes how I feel about what’s been happening to Ashley Madison recently.

Ashley Madison, for those not in the know, is a dating site that focused on facilitating extra-marital affairs. It can be thought of as the Facebook of philandering, with over 37 million registered, adulterous users. As is so often the case with dating websites, the overwhelming majority of their subscribers (between 90 and 95 percent) were men.


Here’s where the schadenfreude kicks in. They were recently hacked by Impact Team – an otherwise unknown band of hackers – who threatened to leak their entire database unless the cheating website (and companion sites Established Men and Cougar Life) was shut down.

Avid Life Media, who own Ashley Madison, refused to comply. Earlier this morning, 9GB of data from the site was dumped onto a Tor darknet website. It contained everything. Not just usernames and emails, but also internal emails, corporate documents, sexual preferences, biographical data, and even GPS locations. Ouch.


If you were caught up in the Ashley Madison leak, allow me to express a sincere and Nelson Muntz-like haw haw. I must admit, I’m not terribly sympathetic. But still, as a security writer I feel obliged to tell you a few things.

Change Your Passwords

Ashley Madison were thoroughly and utterly owned. There’s no escaping that. But I should give them credit for having some pretty sensible security procedures.

Passwords in particular were obfuscated using bcrypt, one of the most secure one-way hashing algorithms. In particular it was nice to see they weren’t storing passwords in plaintext, or with the near-useless MD5 hashing algorithm.


The amount of sheer computational power required to break a bcrypt password is immense. That means if you used a secure, complex password, the odds of it being cracked are relatively slim. But if you use a common or weak password, you should expect your password to soon become public knowledge.
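To put rough numbers on that, here is an added sketch (not from the original article) that reads the cost factor out of a bcrypt hash string and estimates how long it takes to try every candidate password against a single hash. The guess rate and the cost of 12 in the constructed sample hash are assumptions, chosen only for illustration.

```python
import re

# bcrypt modular-crypt string: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{22}[./A-Za-z0-9]{31}$")

# Constructed placeholder with valid syntax; NOT a hash from the dump.
SAMPLE_HASH = "$2a$12$" + "A" * 22 + "B" * 31

# ASSUMPTION: guesses per second one cracking rig manages at bcrypt cost 5.
ASSUMED_RATE_AT_COST_5 = 100_000


def bcrypt_cost(hash_str):
    """Return the cost factor stored in a bcrypt hash string."""
    match = BCRYPT_RE.match(hash_str)
    if not match:
        raise ValueError("not a bcrypt hash string")
    cost = int(match.group(1))
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return cost


def seconds_to_exhaust(candidates, cost, rate_at_cost_5=ASSUMED_RATE_AT_COST_5):
    """Worst-case time to test every candidate against ONE hash.

    bcrypt does 2**cost key-setup rounds, so each +1 in cost halves the rate.
    The per-hash salt means the work repeats for every account.
    """
    rate = rate_at_cost_5 / 2 ** (cost - 5)
    return candidates / rate


def report(hash_str):
    """Compare a common-list password with a random one at this hash's cost."""
    cost = bcrypt_cost(hash_str)
    year = 365 * 24 * 3600
    return {
        "cost": cost,
        # a password that appears in a 10,000-entry common-password list
        "common_list_seconds": seconds_to_exhaust(10_000, cost),
        # a random 12-character password over 94 printable ASCII characters
        "random_12_char_years": seconds_to_exhaust(94 ** 12, cost) / year,
    }


if __name__ == "__main__":
    print(report(SAMPLE_HASH))
```

Under these assumptions, a password from a common list falls in seconds per account, while a random 12-character one is out of reach no matter how long the attacker waits.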

Either way, you’d be advised to change your passwords on any sites where you used your Ashley Madison password and never use it again.

Think About Credit Cards

Included in the data dump were records of financial transactions dating back to 2007. These included names, street addresses, emails, amounts paid, but not entire credit card numbers. Each of these records contains a four-digit number that’s largely assumed to be either a transaction code, or the last four digits of the credit card number.

This in itself isn’t that much of a problem. There’s not a lot you can do with the last four digits of a credit card. But some companies do allow you to verify your identity with it.


You might remember in 2012 when Wired columnist Mat Honan had his entire digital life eviscerated. Everything from his Apple mail, to his Google accounts. Even his MacBook and iPhone were remotely wiped.

This was made possible because Apple allowed people to authenticate with only the billing address, and the last four digits of a registered credit card.

It might be a bit paranoid. Hell, I’ve often been accused of being such. But if I got caught up in the Ashley Madison hack, I’d immediately cancel my card, and disassociate it from any of my online accounts.

Expect To Be Punished

Here, I really want to stress something. If you were caught up in the Ashley Madison hack, you should realize that private, intimate details about your life and sexual preferences have been made public. What was once personal is now open for the world to see. That’s just something you have to deal with.

It’s worth pointing out that when dating websites have been hacked in the past, it then resulted in the users being vigorously and thoroughly trolled, and their digital lives being flipped upside down.

When 4chan denizens hacked an unnamed Christian social network in 2009, they were able to make off with emails and passwords. These were then used to gain access to Facebook accounts, where the hackers then posted obscene, racist or lewd messages to embarrass the owners.

I didn’t agree with that then, and I wouldn’t agree with it now. That said, I wouldn’t be remotely surprised if something similar happened this time.

According to CSO Online, about 14,000 US government and military emails were found in the dump. British daily The Telegraph has said there were scores of .gov.uk emails. If you were one of them, don’t be surprised if you get in hot water with your employers.

By now, odds are pretty high that there are some tabloid hacks sifting through the leaked dump, probably with the help of someone who knows SQL. They’ll be looking for celebrities and politicians. If you are a public figure and used Ashley Madison, you can pretty much expect to be thoroughly and publicly disgraced.

Although, as we recently saw with Gawker, that’s probably not a good thing.

As anyone who’s read Jon Ronson’s magnificent So You’ve Been Publicly Shamed (or, for that matter, watched his latest TED talk) knows, we all share an incredible capacity for collective outrage and public shaming.

Start Making Amends

If you were on Ashley Madison, it’s safe to say you’re probably in a bit of hot water at home. That’s bad news for you, but great news for a few other people:

Firstly, you should apologize. If your significant other isn’t speaking to you, perhaps send her an emailed apology. Maybe you could take a leaf from Robin Thicke’s book and write her an entire album.

Flowers are a safe bet, too. You probably won’t be able to afford 1-800 Flowers’s Ashley Madison package, but you can still send a thoughtful bouquet and card from your iPhone.


If that doesn’t work and you have to move out of the house for a few days, check out these 10 hotel search engines.

It’s Going To Get Messier

At the time of writing, the Ashley Madison dump has been online for about 12 hours. It’s still very early days. I predict that in the week to come, we’ll see a lot more public embarrassment. A lot more marriages ended, and careers disrupted. It’s going to get messy, indeed.

Already, we’ve seen sites that facilitate access to the leaked data. There’s ashmadlookup.com, which simply confirms whether an email was in the database.


There’s also haveibeenpwned.com, who are taking a slightly different approach. Here, the data is only accessible for those who have verified their email address with them, due to the incredibly sensitive nature of the data.

So, what advice does Impact Team have for you?

“Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you’ll get over it.”

You can’t argue with that. Ashley Madison systematically failed to protect their customers. I don’t doubt they’ll find themselves in court in the months to come.

Over To You

Were you impacted by the Ashley Madison breach? Do you know someone who was? Want to talk about it? Drop me a comment below, and we’ll chat.

Photo Credits: Keys on Keyboard (Intel Free Press), How Many Credit Cards Should I Have? (Mighty Travels)
