What Can Ashley Madison’s Data Breach Tell Us About Data Security?
Posted on Sep 18, 2015
Ashley Madison would have previously described itself as a leading discreet service. That was of course until it made headline news this summer.
This was when the account and login details of some 32 million users were stolen by hackers and released into the public domain via the internet. According to Wired, “the data released by the hackers includes names, passwords, addresses and phone numbers submitted by users of the site”, but the authenticity of these details is still unclear.
We do know, however, of a number of high-profile accounts whose owners have sought to distance themselves from the scandal in recent weeks, and this has been the focus of much debate.
Keep Your Clients' Data Secure
How did it happen? I know what you’re thinking. It’s too obvious. If you have important user details in your possession, you need adequate and flawless data security, especially if you are dealing with 40 million users’ data (Ashley Madison’s total number of users at the time of the security breach). So they had that right? I bet your organisation does too, yes? Er...
Unfortunately, in some cases, this is not always top priority. Organisations should make sure they use rigorous security practices to keep their servers and domains safe. You can also minimise the chances of suffering loss or inconvenience by personally protecting yourself online.
In an interview with MOTHERBOARD, The Impact Team argued that Ashley Madison was not employing proper security measures during the attack:
“We worked hard to make fully undetectable attack, then got in and found nothing to bypass (...) Nobody was watching. No security. Only thing was (a) segmented network. You could use Pass1234 from the internet to VPN to root on all servers.”
Worse still, it has subsequently transpired that when people cancelled their account, Ashley Madison elected to retain all the personal and billing data just in case the client returned. So whilst a user thought there was no longer any record of them, the truth is the hackers were easily able to gather user data across an extended period of use.
Create Sophisticated Passwords
"Password123" is seriously so not a recommended option. Neither is "letmein", "shadow" or "princess", as security firm SplashData revealed. If you are creating a new password, take your time and think carefully before choosing something that is too easy to guess (or, for that matter and sometimes even worse, too hard to remember, to the point where you have to resort to writing it down!).
Just a couple of weeks ago, stolen passwords from Ashley Madison were revealed, and so far they suggest that many users forgot the basic rules of good digital hygiene. According to Ars Technica, this is the top password exposed so far: 123456. Other passwords made it to the Top 5 and you will surely recognise some of them: 12345, password, DEFAULT, and 123456789.
With that said, the best advice we can give is: have a different password for each profile, email or website you are using, and keep changing them every 3 months.
This is also not the place to comment about the fact that many of the accounts identified as female appeared to be made up with Ashley Madison domain email accounts with numbered email ids. Scam anyone? Maybe that is why they are the subject of a growing number of Class Action Lawsuits.
Don’t Rely On Security Assumptions
Being aware of effective cyber security, both personal and professional, is the first step to avoid making your life, and that of your friends, family and work colleagues, a misery. People must take responsibility.
We should be educated about what the risks are and how we, as individuals, can help protect our personal and professional data when online. This means using technology safely and securely.
Don’t assume your data is secure. Take precautions and be smart about your digital presence. Be aware that logging into a platform with your personal data over a public Wi-Fi connection without hotspot VPN protection is DEFINITELY a bad idea. Yeah right. Really? Do we stick to that rule?
Of course not. We still do it. We still connect everywhere and anywhere we can. Why is that?
Because "most" people know how to assess and manage the risks. "Most" people do have good passwords. We don't share our devices. We use two-part authentication. We work with trusted service suppliers who respect us as customers. We even leave our NFC touch and pay credit cards at home when we're on for a big night out.
We know the risks and we take appropriate action.
Regrettably, it looks as though Ashley Madison was simply designed to make a fast buck and aspired to none of these values. More fool them... and their client base (real or imagined).