Flirting With Security
September 10, 2015 | DevOps | joanna mastrocola
The Ashley Madison Hack has been all over the news in recent weeks, and why wouldn’t it be? It has all of the drama and shock factor we crave, standing out in a sea of run-of-the-mill hack and breach stories, this hack dealing with marriage and infidelity. What is surprising is that our attention is so focused on who is cheating on their spouse that we are missing the bigger picture. Whether the story is about medical records, vehicles, social security numbers, or infidelity exposed the common theme is that businesses are not keeping our information safe, they are not doing enough to make sure our identity is protected.
What is even more shocking is that despite every story of a leaked photo or a stolen credit card we continue to put our faith into these business without demanding protection. Having our information in digital records is often a necessity for conducting business and therefore protecting this personal information must be the company’s top priority. All of these breaches show us one thing… protecting our data isn’t a priority. We need to start focusing on reading past the sensationalized text and focus on the real problem, our security.
Here are some different takes on the Ashley Madison hack:
Ashley Madison Chief Executive Noel Biderman was let go in the wake of the Ashley Madison breach. Biderman, who had previously stated that affairs could be good for society, as long as they were kept secret, seemed to be unable to defend his own principle, the personal information of millions of users exposed.
This piece by Arik Hesseldahl points out that although other companies are able to survive after highly-publicized breaches, it will be tough for Ashley Madison to recover. He also points out that companies should have learned by now that information must be encrypted.
Business Standard reports that the Ashley Madison breach has given spammers a great opportunity to take advantage of those affected. There has been a recent surge in spam emails with domains relating to Ashley Madison. Some victims of the breach have been blackmailed due to the highly embarrassing and personal nature of the leaked information.
This article from Forbes discusses a burning question on everyone’s mind: why hasn’t the FTC made a statement about Ashley Madison or Avid Life Media and whether it will be conducting an investigation. The piece discusses many reasons why the FTC has remained silent up to this point, a main reason being that the FTC could be conducting a pre-investigation which does not require a public announcement.
John McAfee presents an entirely new spin on the story. He argues that the Ashley Madison was not hacked by a group of men, rather, the information was stolen and leaked by one woman who had worked for Avid in the past. He supports this claim through various points, including that the person had a very intimate understanding of the company’s technology stack and that the language in the manifesto seemed to come from a woman, the writer referring to men as “scumbags”.