There is simply no other news in infosec this week; everything else pales into insignificance compared to the hackers making good on their threats to Ashley Madison from a month ago and eventually dumping all the data. As with all public data breaches, I was eager to get the data into Have I been pwned? (HIBP) but it was really important I did so in an ethical way. Fortunately I planned this in advance and wrote about how I was going to handle the breach if it ever saw the light of day. And it has – in spectacular fashion.
This whole story is so multi-faceted in so many ways. There’s copious media coverage (of varying quality) covering every aspect of the incident. I thought I’d pick out the ten reactions from the public that I found most intriguing about the whole event and share them here.
1. This was a site for people to have affairs – they got what was coming to them!
There’s a distinct lack of sympathy from many people simply due to the intended function of AM. It’s not surprising to see ethical judgements like this passed, despite the real world impact it could have on families.
2. We’re seeing DMCA takedown requests for sites making the data publicly searchable
AM were particularly aggressive with taking down any distributions of the sample data set leaked back in July. It’s unsurprising they’ve also gone after sites like checkashleymadison.com which now explains that the service is offline due to legal threats.
3. How do I get my data off the internet?
I appreciate the sentiment and the more tech savvy among us understand the futility of this question, but it points to the desperation that many people are now feeling as a result of this breach. I’ve had a lot of requests of this nature and unfortunately the only answer is “talk to your wife” (which it almost always will be – wife, that is).
4. The media is turning it into a circus
We’re seeing live radio announce a husband’s infidelity to his wife, the press naming and shaming public figures for their presence on the site and countless other episodes of the media just going nuts. Coverage of the story is fine, but doing further damage to those impacted is not a good look.
5. It’s only the “dark web”, right?
I keep seeing this “data is only on the dark web” statement which is entirely misleading. The original torrent file appeared on a Tor hidden service and then… went viral. Now peer to peer torrenting is occurring en masse without any dark webs to be seen.
6. Is this a watershed moment for online privacy?
I got this repeatedly from journalists yesterday and it’s an interesting question. I think it will be used as the canonical example of privacy risks online, but I don’t think it will have any broad-reaching impact on people’s approach to privacy given the niche nature of the site.
7. Avid Life Media still thinks credit cards are the issue
The owners of Ashley Madison posted that no current or past members’ full credit card numbers were stolen from Avid Life Media as though this is what people were concerned about! When someone’s credibility and potentially their entire family is on the line, their merchant potentially issuing them a new card is the last thing they’re worried about.
8. There are lives at stake
My original concern (and one of the reasons why I elected to not allow the data to be publicly searchable) is that this breach could result in suicides or the destruction of family units. Another take on this is individuals who engaged in same-sex relationships and may be persecuted by their country of origin. The data could be enormously destructive.
9. This is an awesome data set for visualisations
Oddly enough, this has come up in multiple contexts. For example, this map of the world with member distribution by gender and in a totally unrelated case, a friend contacting me asking if it would be a good data set for a Power BI presentation. It certainly does make for some neat charts.
10. Attacks on victims are ramping up
It was bound to happen and it will be multi-faceted; blackmail, general abuse and in one case I saw today, a dedicated Twitter account set up to name and shame individuals within a very localised region. With the rate this data has spread, we can only expect more of the same in the days and weeks to come.