Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

'Leaked' files reveal existing security concerns at Ashley Madison

Margi Murphy | Aug. 24, 2015
"Leaked" Ashley Madison documents reveal the existing security concerns at the hacked extra-marital affair website.

"Leaked" Ashley Madison documents reveal the existing security concerns at the hacked extra-marital affair website.

Ashley Madison is a dating site for married users that wish to have an affair which boasts 40 million international users.

The company, whose tagline is "Life is short. Have an affair," is owned by Avid Life Media, which is also responsible for Established Men, Swappernet (a swinger's site) and The Big and the Beautiful (a site for larger singles).

It appears that security leads at Avid Life Media feared misbehaving individuals could create accounts and crawl (the technique of scraping or fetching and gathering information) search results, linking users to their private lives through facial recognition, image metadata and location coordinates.

Ashley Madison's security experts, including Toronto-based Security Director Mark Steele and Chief Technology Officer Trevor Sykes, were also concerned that employees at New Relic - a data analysis company - and IT services provider OnX could leak the company's customer data.

The list of potential security, system availability and disclosure holes were published alongside the database of 37 million customer's personal details - including sexual preferences, addresses, full names and partial credit card details. The details were stolen by a group of hackers called The Impact Team in July.

The group threatened to release the names of users on the website if Avid Life Media refused to shut down Ashley Madison, which it alleged was defrauding customers by promising a 'delete all' feature for users intent on discretion. The impact team claimed that Avid Life Media had not been completely eradicating user's information if they wanted to opt out, as advertised, while still charging them for the service.

Pinf application development

The alleged leaked database that has been circulating online, seen by Techworld, includes documents titled 'Ashley Madison's technology stack'.

If the document describing Ashley Madison's stack is to be taken at face value, it appears the IT directors had little faith in its underlying framework. Describing "Pinf", which is the proprietary framework used to develop the website, the document stated: "No one knows what the acronym PINF is meant to stand for. Much of the code is a decade old and most of it is nonsense. It tries to be an MVC framework, but it fails. It would be more accurate to describe it as a "view first" framework, but even in that context it doesn't quite make sense."

It also included details of technology Avid Life Media use to apply face detection through a restful API on its Silex and an open-source proxy server NginX-based user photo server.

The author of the document is unclear.

Paypal and Ashley Madison's own bank account details leaked?

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.