Ashelymadisonhack


Running head: ASHLEY MADISON HACK

Ashley Madison Hack


Anil, Mohammad, Saleh, Zhaolun


Information is one of the pivotal assets of every organization, and the need to aptly
manage and control the security of information is necessary for its sustainability (Kerry-Lynn &
Rossouw, 2004). In particular, companies that store personal and transactional data should
implement efficient security infrastructure and policies to prevent data breaches. In the case of
corporate-level security breaches, the attacks are unprecedented and the damages are daunting.

Ashley Madison is an infidelity-centric dating website which promotes extramarital
affairs. It is owned by Avid Life Media (now known as Ruby). Registration on this website is
completely free; female members get access to full membership upon registration, but male
members get access to a guest membership which can be used to send photos and winks to
potential dating partners. In order to send messages between partners, male members are required
to use credits, which can be bought starting at $49. After the user answers a set of questions based
on personal interests, the user's profile is created. An additional fee of $20 is charged to delete
the user's profile from the website's database.

On 12th July, the first known account of the breach was recorded. A hacker group called
The Impact Team sent a message to employees' desktops suggesting a plausible breach. On
20th July, the firm confirmed the attack. Between 18th and 23rd August, batches of data dumps
amounting to 300GB were made available online by the hacker group (Lord, 2015). An estimated
36-37 million users' data was exposed, which included their personal information, credit card
transaction history and residential addresses. It also contained the source code for the site's
mobile app, and marketing and loan documents.

The impact of this breach scaled from the individual level to the industry level. It exposed the
personal information of the website's users, including emails, home addresses, credit card
information, etc. Clinical psychologists argued that dealing with an affair in a particularly public
way increases the hurt for spouse and children (Gregorie, 2015). Search engines started to pop up
over the internet for people who wanted to check whether their own or a loved one's email was found
on the Ashley Madison website (Chirgwin, 2015), which also resulted in the creation of spoofed URLs
by other cyber criminals. This caused physical and emotional damage to abused spouses and to
people dealing with sexual orientation, addiction, compulsion issues, etc. (Devine, 2015). The
first suicide was committed out of the fear, humiliation and pressure caused by the
data breach (Chirgwin, 2015). Thousands of US .mil and .gov emails were even found on the
website (Gibbons-Neff, 2015). Further, the country fell into a trust crisis. People would not trust
the companies which promised to keep their data confidential; even worse, the citizens in the
country would not trust their government or military personnel who had affairs. The data could
also play a role in the hiring process, where companies run background checks on potential hires.

As a result of the hack, Avid Life Media was hit by a 578-million-dollar lawsuit on behalf
of all Canadians, including all users whose information had been exposed as well as those who
requested and paid Avid Life Media to delete their accounts. Noel Biderman was the former CEO of
Avid Life Media Inc. His emails were also published and then found on the list of registered
users (Baraniuk, 2015). After that, on August 28, 2015, he stepped down from his position at
Ashley Madison. Avid Life Media issued a statement describing his resignation as being in the best
interest of the company. The message was announced via the Ashley Madison website
(Thielman, 2015).

The Impact Team hacked the Ashley Madison website (Ward, 2015) and found that
members were being tricked into paying $20 to completely delete their profile from Ashley
Madison while the database still contained the profile details, including credit card and other
essential information. Only messages and winks were being deleted from other users' inboxes.
The hacker team figured that Ashley Madison made $1.7 million in 2014 from nearly
90,000 user accounts being deleted (Bernstein, 2015). He was accused by the hackers of failing
to delete accounts from the website even after customers had paid to have their accounts deleted.
No information about how the hackers got into the system, or about the type of system, was ever
released or disclosed.

Avid Life Media offered a bounty of up to $377,000 for anyone who could provide
information to catch the Impact Team (Hackett, 2015). The Ashley Madison website did not require
its users to verify their email addresses, which means that some individuals were affected
when other people registered using an email address that was not their own, which caused
them problems as well (Dreyfuss, 2015).
On September 9, security researcher and analyst Gabor Szathmari discovered that a very poor
standard of security practice was in use, the worst of all being hardcoded security
credentials, including "database passwords, API secrets, authentication tokens and SSL private
keys" (Szathmari, 2015). The very next day, on September 10th, a password cracking group called
CynoSure Prime released a blog post stating they were able to crack 11 million passwords in 10
days, with the most popular password being 123456. They exploited the fact that the website stored
passwords using a simple and insecure implementation of the MD5 cryptographic hash function,
which allowed the password to be stored inside the hash itself (CynoSure, 2015).
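As an added illustration of why fast, unsalted MD5 is a poor way to store passwords (this code is not from the paper or from Ashley Madison's code base), the sketch below stores the same constructed accounts twice: once as a plain MD5 digest and once with a per-user salt and a slow key-derivation function. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample users are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

# Constructed sample accounts; "123456" is the most popular password the page cites.
SAMPLE_USERS = {"alice": "123456", "bob": "123456",
                "carol": "Tr0ub4dor&3", "dave": "123456"}


def md5_record(password: str) -> str:
    """Weak scheme: unsalted, fast MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password: str) -> str:
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"


def kdf_verify(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def accounts_sharing_a_value(table: dict) -> int:
    """Number of accounts whose stored value equals another account's."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables(users: dict):
    """Return (weak, hardened) credential tables for the same users."""
    weak = {u: md5_record(p) for u, p in users.items()}
    strong = {u: kdf_record(p) for u, p in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(SAMPLE_USERS)
    print("MD5 rows sharing a digest:   ", accounts_sharing_a_value(weak))
    print("PBKDF2 rows sharing a value: ", accounts_sharing_a_value(strong))
    print("login check for alice:       ", kdf_verify("123456", strong["alice"]))
```

In the MD5 table every account using the same password carries the same digest, so one recovered value exposes all of them; with per-user salts the rows are unrelated and each guess must be repeated per account at the KDF's cost.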

Ashley Madison is still running under Avid Life Media, which rebranded itself to Ruby
Corporation and appointed Rob Segal as the new CEO.

A data breach in any form can cause formidable damage to the individual or the
company. Therefore, the protection of information assets is necessary. Companies should invest
more in implementing efficient security infrastructure to prevent data breaches. In case of a data
breach, discovery and response tools should be in place to identify the attack immediately
and take the necessary actions.

References

Ashley Madison. (2015, August 18). 18 Aug Statement from Avid Life Media Inc. August 18,
2015. Ashley Madison. Retrieved from: http://media.ashleymadison.com/statement-fromavid-life-media-inc-august-18-2015/
Baraniuk, C. (2015, August 24). Ashley Madison: Boss's emails examined after leak. BBC.
Retrieved from: http://www.bbc.com/news/technology-34041039
Bernstein, J. (2015, August 19). Ashley Madison's $19 Full Delete Option Made The Company
Millions. Retrieved from https://www.buzzfeed.com/josephbernstein/leaked-documentssuggest-ashley-madison-made-millions-promis?utm_term=.gqErqnwPzy#.yeoDZVqdj2
Chirgwin, R. (2015, August 23). Ashley Madison spam starts, as leak linked to first suicide. The
Register. Retrieved from:
http://www.theregister.co.uk/2015/08/23/ashley_madison_spam_starts_as_leak_linked_to_first_suicide/
CynoSure (2015, September 10). How we cracked millions of Ashley Madison bcrypt hashes
efficiently. Retrieved from http://cynosureprime.blogspot.com/2015/09/how-we-crackedmillions-of-ashley.html
DailyMail (2015, August 20). Hackers dump second, even bigger batch of Ashley Madison
records with taunting message to millionaire founder of 'cheating dirtbag' site. Daily
Mail. Retrieved from: http://www.dailymail.co.uk/news/article-3205189/Hackers-dumpSECOND-bigger-batch-Ashley-Madison-records-taunting-message-millionaire-foundercheating-dirtbag-site.html
Dreyfuss, E. (2015, August 19). How to Check if You or a Loved One Were Exposed in the
Ashley Madison Hack. Retrieved from https://www.wired.com/2015/08/check-loved-oneexposed-ashley-madison-hack/
Gibbons-Neff, T. (2015, August 19). Thousands of .mil addresses potentially leaked in Ashley
Madison hack. The Washington Post. Retrieved from:
https://www.washingtonpost.com/news/checkpoint/wp/2015/08/19/thousands-of-miladdresses-potentially-leaked-in-ashley-madison-hack/
Gregorie, C. (2015, August 20). Ashley Madison Hack Could Have A Devastating Psychological
Fallout. The Huffington Post. Retrieved from:
http://www.huffingtonpost.com/entry/ashley-madison-hack-psychologicalfallout_us_55d4afcee4b07addcb44f5d4
Hackett, R. (2015, August 26). What to know about the Ashley Madison hack. Retrieved from
http://fortune.com/2015/08/26/ashley-madison-hack/
Kerry-Lynn T. R. (2004). Towards Corporate Information Security Obedience. Information
Security Management, Education and Privacy. 148, pp. 19-31. France: IFIP.
Mansfield-Devine, S. (2015). The Ashley Madison affair. Network Security, 2015(9), 8-16.
doi:10.1016/s1353-4858(15)30080-5
Thielman, S. (2015, August 28). Ashley Madison CEO Noel Biderman resigns after third leak of
emails. The Guardian. Retrieved from:
https://www.theguardian.com/technology/2015/aug/28/ashley-madison-neil-bidermanstepping-down
Ward, M. (2015, August 20). Ashley Madison: Who are the hackers behind the attack? BBC.
Retrieved from: http://www.bbc.com/news/technology-34002053
