Introduction of Topic: The Ashley Madison Data Breach
The website Ashley Madison is an online dating and social networking service marketed to people who are married and would like to establish an extramarital relationship. The website, founded in 2002 by Darren J. Morgenstern, uses the slogan, "Life is short. Have an affair". The website is owned by Ruby Life, Inc. (formerly known as Avid Life Media). In addition to Ashley Madison, the website manages two other sites referred to as “CougarLife.com” and “EstablishedMen.com.” In the past, the site owned other sites such as “HotorNot.com,” “ArrangementFinder.com” (rebranded as “EstablishedMen.com”), and “ManCrunch.com.” Avid Life Media (ALM) was subject to one of the largest and controversial data breaches in U.S. history. The breach exposed the personal information of over 32 million users and consisted of over 60 gigabytes of data (Mansfield-Devine, 2015; Ruby Life, 2019).
Summary of the CAse
Most of the events involved in this case took place between July and September of 2015. The consequences of the breach would continue until 2017. The company that owned Ashley Madison has been rebranded as "Ruby Life Inc." and is still operating.
Description of The Leaked Data
The stolen data consisted of a significant amount of personally identifiable information (PII) about Avid Media’s users. The data released by the hackers includes names, passwords, addresses and phone numbers submitted by users of the site, though it's unclear how many members provided legitimate details to open accounts. A sampling of the leaked data indicates that users provided random numbers and addresses to open accounts. But files containing credit card transactions likely yield real names and addresses, unless members of the site used anonymous pre-paid cards, which offer more anonymity.
This data, which amounts to millions of payment transactions going back to 2008, includes names, street address, email address and amount paid, but not the full credit card numbers; instead it includes just four digits for each transaction, which may in fact be the last four digits of the credit card numbers or simply a transaction ID unique to each charge. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil or .gov addresses. It's not clear, however, how many of these are legitimate addresses (Lord, 2017; Masfield-Devine, 2015; Cross, Parker, & Sansom, 2019; Tuttle, 2015; Arfer & Jones, 2019; Chohaney, M. & Panozzo, K., 2018) THE HACKER'S MOTIVESThe hackers who called themselves the "Impact Team" blamed ALM's business practices for the reason they conducted the attack. Labeling themselves as "hacktivists," they claimed that misleading Ashley Madison users was the key motive behind the attack - but, it also seems that they took issue with the purpose of the website (as being a website dedicated to facilitating extramarital affairs. Read the full summary describing the hacker's motives and the interview they conducted with Vice News via email by using the links below.
|
HUMAN ASPECTS OF THE CASE
The human aspects of this case will focus on three different roles: victims of the data leak, the hackers, and researchers seeking to use the leaked data.
COMPUTING DEVICES AND INTERFACES USED FOR THE HACK
In this particular case, the primary devices and interfaces used were computers, servers, and the internet. While the data that was dumped was related to users of a website, the data was obtained by remotely accessing ALM’s servers through hacking passwords. In an email interview, the hackers said, “We worked hard to make fully undetectable attack, then got in and found nothing to bypass.” The hackers went on to say that the security was, “bad.” They said, “Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers (Cox, 2015).”
To read a full overview of the computing devices and interfaces used, click the button below: summary of the technologies used in this caseResponse to the data breach |
SUMMARY OF IMPORTANCE ON A LIBRARY CAREER
The statements above address these items as well. However, I think that the case of the Ashley Madison data breach is a cautionary tale for anyone who uses online social media for communication purposes. Since the COVID-19 pandemic, it has become apparent that electronic communication in various forms has become a critical part of ensuring that our institutions continue to operate. However, any of these systems could potentially be hacked. Cybersecurity is everyone’s responsibility to ensure ours and others personal data is not illegally obtained and disseminated on the internet for the world to see.