20 July 2015

Internet Firm Going Public, but Not in a Good Way

It appears that, Ashley Madison the dating site for people who want to cheat on their spouses, has gone public ……… prematurely, and much like their clients, prematurely is not a word that you want to hear:
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information. The still-unfolding leak could be quite damaging to some 37 million users of the hookup service, whose slogan is “Life is short. Have an affair.”

The data released by the hacker or hackers — which self-identify as The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison as well as related hookup sites Cougar Life and Established Men.

Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.

………

In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
On NPR, a representative of ALM said that they were using DMCA take-down notices to keep the information off the web, but that makes no sense at all, because a data is not copyrightable, though there may be some trade secret protections that apply.

In either case, there was a bit of schadenfreude for me when I heard about this.

I can understand how some people might look for someone to cheat with, you see this in the personal ads of the alternative press regularly, but making a whole site for this is just really creepy.

H/T Yves Smith.

0 comments :

Post a Comment