When AshleyMadison.com posted its slogan “Life is short. Have an affair,” it probably wasn’t bargaining for the one that it got last month. Someone got as intimate with the site’s members as you could get, exposing the online identities and sexual preferences of millions of adulterous wanna-bes.
The affair quickly turned into one of the largest personal information dumps ever, and the online hook-up site joined the ranks of the most notorious IT security breaches of all time.
It still remains to be determined who was behind the breach, and even whether it was the result of an outside attack or an insider job. But the nature of the site itself has since drawn plenty of attention.
Prior to the attack many individuals might have asked “Ashley Who?” Now the site appears to be a household name.
Which begs the question, was the Ashley Madison site targeted because of the nature of its business? And if so, does that attack mean other online dating sites might now be a preferred hacker target?
Cyber security experts that CIO.com spoke with all said probably not, although they couldn’t discount the possibility. All agreed that the number 1 motivation for hackers today is the monetarization of any information stolen from a site. Greed rules all.
Still, that is one level of vulnerability. Some sites may have layered levels of vulnerability based on social issues, political issues, religious issues and so on. As one security consultant noted, almost anyone can become a hacker today, and they could have any number of agendas.
Things are getting a bit personal
“My thought is that it was something personal,” says Alex Holden, founder and CTO at Hold Security, a Wisconsin-based company that provides IT security services and data breach analysis. “Hacker messaging to the former CEO of Ashley Madison had a lot of personal comments. The hackers usually don’t quote individuals.”
“From everything that I know, Ashley Madison was conducting business legally. Was it questionable? Yes. But in my book there would be 50 other companies ahead in line on doing less appropriate activities. To be honest, there is obviously a social impact, but the people within the company probably didn’t do anything bad,” Holden says.
Holden’s firm recently discovered that, indeed, several online dating sites have been compromised. They tend to not be the largest and best-known, however.
“We keep our eyes out for information that belongs to our customers and we wandered onto a website that is run by hackers,” Holden explains. “We found that in addition to information that was of interest to us there was additional clearly-marked stolen information from a number of different websites.”
Sign up for Computerworld eNewsletters.