Hackers have delivered on their promise to post data stolen from cheating site AshleyMadison.com, dumping 9.7 gigabytes worth of data onto the dark web.
Account details, logins, names, addresses and emails are reportedly part of the dump, with payment transaction details going back to 2007 also posted.
The data dump could contain details belonging to any one of Ashley Madison’s 32 million users, though it has been highlighted how a number of the details seem to originate from fake accounts.
Impact Team claimed responsibility for last month’s hack on the infidelity website, demanding that Avid Life Media, the parent company of AshleyMadison.com and sister site Established Men, take down the two sites.
The hack has divided popular opinion, with some feeling that the cheaters got what they deserved, while others regarded the breach of privacy, regardless of ethics, as criminal and illegal.
CBR has followed up on our original reaction piece with the security experts giving their take on the fallout from the data dump.
1. We shouldn’t be surprised
Dr Chenxi Wang, VP of Cloud Security & Strategy at CipherCloud, said:
They [the customers] could have been spared if Ashley Madison had done the tough but right thing. But maybe we should not be surprised – trust is not the strong suit for a company that makes its money by encouraging people to lie and cheat."
2. Sick & twisted
George Anderson, director at Webroot, said:
"There is a desire to hurt people here and that’s sick as well as being criminal. Whilst readers’ morals may conflict either seeing this group of hackers as good or bad guys, the fact remains that the Impact Team illegally obtained sensitive personal info.
"I’d imagine the fall-out is divorces, firings and blackmail – really personally malicious and upsetting stuff."
3. The bluff that backfired
luke Brown, Vice President & GM, Europe Middle East Africa India & Latam at Digital Guardian, said:
"If ALM were trying to call The Impact Team’s bluff then it seems to have backfired pretty spectacularly. While the data has only been released on the dark web for now, it will inevitably find its way into more mainstream channels over time, resulting in very public naming and shaming for Ashley Madison’s members.
"Perhaps even more embarrassing for ALM and Ashley Madison is the disclosure of the fact that a significant proportion of users on the site are fake, bringing into question the credibility of the website as a whole."
4. Remember Grandma’s coffee table
Corey Nachreiner, CTO at WatchGuard, said:
"It is a reminder that cyber criminals may be hacktivists with social agendas who want to disrupt day-to-day business or organised criminal groups going after your customers’ financial or personal data – or in this case, both. At the route of these exploits, I am reminded of the advice I regularly give to kids.
"At a very basic level, do not put anything online you wouldn’t be happy to see on the front page of news on your grandmother’s coffee table. The internet is forever, no matter who you trust with your data."
5. The biggest cyber heist in history?
Blue coat, who previously predicted that the Ashley Madison breach will have a long tail last month, said:
"Now that more than 9 gigabytes of data has been released, they may begin to look at the financial value of a target to see if they will profit from the time spent building malware for the attack.
"This data is most likely to be amongst some of the most valuable data set compromised so far. If it is worth $100 to ‘go away’ and there are 37 million users, this could be one of the largest cyber heists in history."
This article is from the CBROnline archive: some formatting and images may not be present.