Scam of the day – December 18, 2016 – Ashley Madison settles with FTC and state attorneys general

In July of 2015 it first became known that the Ashley Madison dating site had experienced a major data breach affecting 36 million of its members.  Ashley Madison, a website for people seeking to have extra-marital affairs formerly used the slogan, “Life is short, have an affair.” Ashley Madison was hacked by a group calling itself Impact Team.  Impact Team released information on 36 million users of Ashley Madison including names,  addresses, sexual interests and credit card details.

The Federal Trade Commission (FTC) and 13 state attorneys general have just settled charges they brought against Ashley Madison that will require the company to put into effect a comprehensive data security program and pay 1.5 million dollars to the FTC and the states involved with the charges.

TIPS

Perhaps the biggest takeaway from this matter, as millions of Ashley Madison customers suffered the consequences of having their involvement with the dating service made public, is that your personal information is only as safe as the places with the worst security that have your personal information.  It also is obvious that the more places that have your personal information, the more at risk you are.  Therefore you should limit the places that have your personal information as much as possible.  In addition, you should not leave your credit card on record with a company for convenience sake even if it is a company with which you regularly do business.  Unless you agree to have your credit card information saved, companies with which you use your credit card are not allowed to store that information.

Scam of the day – September 12, 2016 – Four year old data breach revealed

It was recently disclosed that Brazzers, a porn website had been hacked four years ago.   Personal information of users of its forum in which subscribers communicated about porn movies was stolen and is now available on the Internet.  The information stolen included not only user names, email addresses and passwords, but also the substance of their  conversations in the forum, which could be embarrassing to Brazzer subscribers if the information became public leading to concerns about blackmail by cybercriminals with access to this information.  This data breach is reminiscent of the data breach at Ashley Madison, which proved to be extremely embarrassing to customers of that website that dealt with extra-marital affairs.  Of course, any data breach in which user names, email addresses and passwords are compromised poses a threat to the victims of the data breach who can be more seriously victimized by cybercriminals using that information to advance spear phishing schemes targeting the victims and luring them to click on links that will download keystroke logging malware that will steal personal information from the victim’s computer, smartphone or other electronic device and use that information to make the person a victim of identity theft.  In addition, many people use the same password for all of their accounts and once their password at one website becomes known, it can lead to attacks at other places such as online banking.

TIPS

The website Have I Been Pwned https://haveibeenpwned.com/ is a good place to go to find out if you have been victimized in a data breach.  This website gathers information about data breaches and you can put in your email address to find out if you have been a victim of any data breaches such as Brazzers where information is being circulated on the Internet.  It is also important to use a distinct and unique password for each of your online accounts so if you do become a victim of a data breach at one account, the security of your other accounts are not threatened.  Finally, for people who go to websites that they would prefer no one to know about, they should consider using a different user name and separate email address from their usual use name and email address.

Scam of the day – August 20, 2015 – Ashley Madison hackers release stolen information

Impact Team, the hackers who hacked into Avid Life Media, the company that owns and operates Ashley Madison, the dating site for married people seeking to have an affair, followed through with their threat and have released 9.7 gigabytes of the stolen data including email addresses, credit card transaction details, partial credit card numbers, addresses and even dating profiles.   Among the email addresses were 10,000 US military email addresses and hundreds of US government email addresses although it is important to note that the email addresses used to set up an account with Ashley Madison were not verified by Ashley Madison when accounts were set up so anyone could set up an account using someone else’s email address.  Ashley Madison is not the first dating website to be hacked and have sensitive information released to the public.  In May, Adult Friend Finder, was hacked and personal information of 3.5 million members was released to the public.   Ashley Madison claims to have 40 million users. Impact Team released the information on various  dark web website with the announcement copied below.  Although these dark web websites are encrypted and not generally available, it can be expected that the information will become public soon.

TIPS

One of the key lessons here is that your personal information is only as safe as the places with the weakest security that have your information.  It is for this reason that you should never leave your credit card on file for convenience with a website.  Enter it anew each time you make a purchase on Amazon or any other website that you may go to frequently.  As for Ashley Madison in particular, it is a good lesson to remember that you should never give information to any website that would be a source of embarrassment to you if it were to become public after a data breach.

Customers of Ashley Madison can go to a number of websites that have been recently set up to see if their personal information was among the information compromised.  Here is a link to one of them.   https://ashley.cynic.al/

Scam of the day – July 22, 2015 – Ashley Madison website hacked

Ashley Madison, the website for people seeking to have extra-marital affairs that uses the slogan, “Life is Short.  Have an affair” has been hacked by a group calling itself Impact Team.  Impact Team has already released a small amount of the information stolen and has threatened to publicly release all of the data it has stolen from Ashley Madison, which claims to have 37 million members.  According to Impact Team, the information it has includes names,  addresses, sexual interests and credit card details of Ashley Madison’s members as well as employee documents and emails.  In an interesting twist, Impact Team is not demanding ransom from Ashley Madison in return for not releasing the rest of the stolen information, but rather is demanding that Avid Life Media, the company that owns Ashley Madison permanently take Ashley Madison and another similar website it owns named Established Men offline.  Impact Team also took issue with a $19 charge that Ashley Madison charged its customers who wished to have their information deleted.  According to Impact Team, even after paying the charge, their information was not fully deleted.  In response, Ashley Madison says that they do delete the information and that they will now waive the fee.  Here is a link to Ashley Madison’s press release about the data breach and their new policy about deleting information.  http://media.ashleymadison.com/statement-from-avid-life-media-inc-july-20-1225pm/

TIPS

Perhaps the biggest takeaway from this matter as millions of Ashley Madison customers wait in fear that their affairs will be exposed is that your personal information is only as safe as the places that have your personal information with the worst security.  It also is obvious that the more places that have your personal information, the more at risk you are.  Therefore you should limit the places that have your personal information as much as possible.  In addition, you should not leave your credit card on record with a company for convenience sake even if it is one with which you do much business.  Unless you agree to have your credit card information saved, companies with which you use your credit card are not allowed to store that information.  People may also consider using aliases rather than their real names when doing business online.