Another Security Oopsie

So perhaps you’ve heard that Avid Life Media, the company that runs Ashley Madison and several other dating (and “dating”) sites, has been hacked.

Ashley Madison, for those of you who haven’t been paying attention, is a site that caters to those wishing to have an affair.

The hackers claim to have grabbed the entire user database–some 37 million accounts–and threaten to release the whole thing online if Avid Life Media doesn’t shut down Ashley Madison and Established Men*. I find it interesting that the hackers apparently have no interest in ALM’s other dating sites. Maybe they have separate user databases, and the hackers didn’t get enough data to make a credible threat?

* Established Men’s focus is on facilitating relationships between “attractive girls” and “successful and generous benefactors”.

To me, the most interesting thing about the whole affair (sorry) is a line from the hackers’ statement.

The hackers’ ire appears to be focused on claims that even if a customer pays ALM’s fee (approximately $20) to have their account deleted, it remains in the database, although it’s no longer accessible online.

The statement says “Too bad for those men, they’re cheating dirtbags and deserve no such discretion.” Obviously, I’m missing something here. What about the women? Do they somehow deserve discretion? Aren’t they also “cheating dirtbags”?

No, it’s not that there aren’t any women on the site. AM doesn’t position itself as a gay dating site–although they won’t turn you down if you are looking for a same-sex affair. The very first question the site asks is your “relationship status” in one of six categories: Attached Male seeking Females, Attached Female seeking Males, Single Male seeking Females, Single Female seeking Males, Male seeking Males, Female seeking Females.

So what gives? Are the hackers suggesting that all of the women on AM were innocents, somehow tricked into signing up to have affairs? But then, what about the women on EM, who are explicitly looking for sugar daddies? Is that more noble than being a sugar daddy?

ALM spent most of yesterday downplaying the hack and declining to address questions about whether the hackers had gotten away with the entire user database and if they were planning to take the sites down.

Both sites are still up (approximately 10:30 Pacific Time) but responding slowly and occasionally timing out. Perhaps they’re overloaded with people trying to delete their profiles (ALM is waiving the fee). A bit of a case of closing the barn door after the horse has been made into glue, but a totally typical reaction.

If the sites stay up, they’ll take a hit in popularity, but I expect them to recover. Even if ALM takes them down, I can’t imagine they’ll stay down–they might come back under other names, but let’s face it, AM and EM fill a couple of very lucrative market niches. ALM is not going to abandon those markets.

People will use those sites, under whatever names they operate. And other people will hack those sites. Politics and social causes aside, a database full of valid credit cards is just too tempting a target.

4 thoughts on “Another Security Oopsie”

  1. They covered this on NPR. I have trouble believing that anyone capable of hacking into a website could give a tinker’s dam about dictating morals. The point was made that they came up with a lot more than who goes on top–credit card numbers, personal data, etc. One caller-in suggested that it was a disgruntled employee. I must say, though, that this was a lot more titillating (sorry) and frivolous than most hacker stories and certainly belonged in the same week in which a so-called presidential candidate let the wind blow yet again.

    • Anyone can hack into a website. Got a speech to make and a few hundred bucks? Buy a hacking toolkit filled with pre-made attacks. Only slightly more expensive than buying a spam tool–and, I gather, often sold by the same people.

      Avid Life Media has already confirmed that it was an inside job. Not an employee, apparently; some kind of contractor. Though I haven’t heard any speculation about whether he did the job for himself or was contracting for the people making threats.

      And if you think that the credit card numbers are more valuable than the names and documented sexual fantasies that go with them, I’ve got a few words that might change your mind: “Bill Clinton,” “Gary Hart,” “Larry Craig”. Need I go on?

      • Didn’t seem to do ol’ Bill any real harm, but I see what you mean. In that case, though, I’d have been less surprised at a blackmail attempt than at the morality police screed.

      • Why not do both? I could easily see someone determined to wipe the immoral sites off the Internet add a little blackmail to selected individuals in a bid to (a) punish them and (b) fund future efforts.

        It’s easy to make threats to release the information; doesn’t mean you will if you’ve got other uses for it. Note that AM and EM are still up and the information hasn’t been released.

        If there are blackmail attempts going on, it’s too soon for us to find out about it–how many blackmailees are going to go public with the information? It’d be at least another couple of days before we could expect a leak.
