A few years back, there was a cyber-attack that remains well known today. It was one of the most dangerous and notorious cyber-attacks in history: the Ashley Madison hack, a security breach at a large online adult dating service built around extramarital affairs.
In 2015, the site suffered a security breach that made big news. The attack exposed more than 300 GB of user data, including user names. It also pulled in users' credit and debit card information, banking data, and transactions. More than anything, users were worried about their sexual fantasies being exposed. This was one of the worst nightmares of using the site. Because of the attack, users' personal information was available on the internet for everyone to see. The consequences of the attack were severe, and it is difficult to imagine them.
Earlier, Ashley Madison was just a sleazy, questionable site. After the attack, it became the best example of security management malpractice.
Hacktivism as an excuse
The hacking group was the Impact Team. After they successfully attacked the site, they started sending messages to the owners, threatening them for bad faith and criticizing their security. The company did not respond, and the hackers then exposed users' personal details.
The data of thousands of users was breached, and the hackers justified their actions. They said that Ashley Madison was unable to protect users' data and had failed to provide proper security. Ashley Madison offered to delete users' accounts on payment of some amount. But even when an account was deleted properly, its transactions were never deleted. Purchase details remained on the site, including the user's real name and address.
These are the main reasons the hacking group finally decided to punish the company. This punishment of exposing users' data cost Ashley Madison almost $30 million as a fine.
Even though the company took all the security measures, people still feel threatened today. Many groups unrelated to the Impact Team are sending blackmail messages to this company, demanding around 500-2000 dollars for not exposing the information hacked from Ashley Madison.
So, the company is continuously working to strengthen its security measures. Along with the fine, it also came under investigation by the U.S. Federal Trade Commission. This left a void in the market for people interested in affair dating and finding local sex. This opened the door for adult sites and apps like Local Sexfinder and other backpage alternative services.
What should be done?
After the investigation of this case, experts drew some interesting conclusions. These conclusions should be taken into account by every company to make sure that security is intact.
Password protection is most important for a site, and the site should implement very strong passwords. Ashley Madison used the bcrypt hashing algorithm to protect passwords, but it also used the MD5 algorithm for a subset of some 15 million passwords. This was the main reason behind the attacks, since MD5 is very vulnerable, mainly to brute-force attacks.
Data deletion is one of the most controversial aspects of the entire Ashley Madison case, because the hackers and the affected users came to know that even after an account was deleted, Ashley Madison's site was still holding information about them. The Impact Team had been pulling this information for a long time. It is very important for a company to take care of personal information management. Once a user deletes his account, the entire account, with all his transactions, should be deleted.
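The deletion requirement above can be enforced and checked in code. The following is an added example, not code from Ashley Madison or from the original article; the table and column names are hypothetical and the rows are constructed. It shows a common way deletion silently stays incomplete (SQLite ignores ON DELETE CASCADE unless foreign keys are enabled on the connection) and a delete routine that rolls back when any row about the user survives.

```python
import sqlite3

SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
CREATE TABLE transactions (
    id INTEGER PRIMARY KEY,
    account_id INTEGER NOT NULL REFERENCES accounts(id) ON DELETE CASCADE,
    real_name TEXT, address TEXT, amount_cents INTEGER);
"""

def open_db(enforce_fk):
    """In-memory store with one constructed account and one purchase record."""
    conn = sqlite3.connect(":memory:")
    # SQLite only honours ON DELETE CASCADE when this pragma is ON for the connection.
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO accounts VALUES (1, 'user@example.test')")
    conn.execute("INSERT INTO transactions VALUES "
                 "(1, 1, 'Constructed Name', '1 Example St', 1900)")
    conn.commit()
    return conn

def residual_rows(conn, account_id):
    """Count the rows in each table that still refer to the account."""
    a = conn.execute("SELECT COUNT(*) FROM accounts WHERE id = ?",
                     (account_id,)).fetchone()[0]
    t = conn.execute("SELECT COUNT(*) FROM transactions WHERE account_id = ?",
                     (account_id,)).fetchone()[0]
    return {"accounts": a, "transactions": t}

def delete_account(conn, account_id):
    """Delete the account; roll back and raise if any related row is left."""
    with conn:  # commits on success, rolls back if an exception escapes
        conn.execute("DELETE FROM accounts WHERE id = ?", (account_id,))
        left = residual_rows(conn, account_id)
        if any(left.values()):
            raise RuntimeError(f"deletion incomplete: {left}")
    return left
```
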
Ensuring the Highest Security
Offering and maintaining impeccable security is of utmost importance for an organization. Users trust in security and privacy, and the company should take the right measures to maintain both. It should always follow impeccable practices and protocols when it comes to security.
The MD5 algorithm used by Ashley Madison was one of the reasons behind this attack. This was clearly a mistake, and they should have used a stronger algorithm in its place. Apart from this, the entire platform had a lot of security issues, and the reason behind this was the earlier development team. Another thing to focus on is insider threats: some internal users can cause irreparable harm. So, the best way to prevent all these issues is to implement strict protocols in all aspects, including monitoring and logging, along with employee actions.
After this attack, many organizations started implementing strict protocols and strengthening their security measures. Especially when a company deals with users' personal information, it should implement the best security measures to protect that data. The Ashley Madison hack should be treated as a case study that organizations learn from.
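The MD5 point made here and in the password paragraph earlier comes down to one rule: a fast digest stored anywhere beside a slow hash cancels the slow hash. The following is an added example, not code from the original article or from Ashley Madison. It audits a credential store for leftover MD5 values and retires them; the column names and sample rows are hypothetical and constructed, and PBKDF2 from the Python standard library stands in for bcrypt, which needs a third-party package.

```python
import hashlib, hmac, os, re

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)

def classify(value):
    """Guess the scheme of a stored credential value from its format."""
    if re.match(r"^\$2[aby]\$\d{2}\$", value):
        return "bcrypt"
    if value.startswith("pbkdf2$"):
        return "pbkdf2"
    return "md5" if MD5_RE.match(value) else "unknown"

def audit(db):
    """List (user, column) pairs that still hold a fast MD5 digest."""
    return sorted((u, c) for u, row in db.items()
                  for c, v in row.items() if classify(v) == "md5")

def slow_hash(password, salt=None):
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"

def slow_verify(password, stored):
    _, salt_hex, _ = stored.split("$")
    return hmac.compare_digest(slow_hash(password, bytes.fromhex(salt_hex)), stored)

def purge_redundant(db):
    """Drop MD5 columns for users who already have a slow hash; return the count."""
    n = 0
    for row in db.values():
        if classify(row["password"]) in ("bcrypt", "pbkdf2"):
            for col in [c for c, v in row.items() if classify(v) == "md5"]:
                del row[col]
                n += 1
    return n

def rehash_on_login(row, password):
    """MD5-only account: verify once, then replace the digest with a slow hash."""
    if classify(row["password"]) != "md5":
        return False
    legacy = hashlib.md5(password.encode()).hexdigest()
    if not hmac.compare_digest(legacy, row["password"]):
        return False
    row["password"] = slow_hash(password)
    return True

def sample_db():
    """Constructed sample store; names and values are hypothetical."""
    return {"alice": {"password": "$2b$12$" + "A" * 53,
                      "legacy_token": hashlib.md5(b"alice-pw").hexdigest()},
            "bob": {"password": hashlib.md5(b"bob-pw").hexdigest()}}
```
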