Scam of the day – December 18, 2016 – Ashley Madison settles with FTC and state attorneys general

In July of 2015 it first became known that the Ashley Madison dating site had experienced a major data breach affecting 36 million of its members.  Ashley Madison, a website for people seeking to have extra-marital affairs formerly used the slogan, “Life is short, have an affair.” Ashley Madison was hacked by a group calling itself Impact Team.  Impact Team released information on 36 million users of Ashley Madison including names,  addresses, sexual interests and credit card details.

The Federal Trade Commission (FTC) and 13 state attorneys general have just settled charges they brought against Ashley Madison that will require the company to put into effect a comprehensive data security program and pay 1.5 million dollars to the FTC and the states involved with the charges.

TIPS

Perhaps the biggest takeaway from this matter, as millions of Ashley Madison customers suffered the consequences of having their involvement with the dating service made public, is that your personal information is only as safe as the places with the worst security that have your personal information.  It also is obvious that the more places that have your personal information, the more at risk you are.  Therefore you should limit the places that have your personal information as much as possible.  In addition, you should not leave your credit card on record with a company for convenience sake even if it is a company with which you regularly do business.  Unless you agree to have your credit card information saved, companies with which you use your credit card are not allowed to store that information.

Scam of the day – May 21, 2016 – Turnabout is fair play – Hacking forum is hacked

As initially reported by Tech security firm Risk Based Security, the online hacking forum Nulled.io has itself been hacked with 800,000 messages and account information of 536,000 registered users stolen and put on line for anyone, including law enforcement to see.  Nulled.io was a clearinghouse used by hackers to buy and sell stolen content, passwords and other hacking enabling information.  Although stolen passwords for the account information were encrypted, the method used to encrypt the passwords is easily cracked by someone with sophisticated computer technology.  At the present time Nulled.io is offline and the following screenshot appears if you go to their website.

Nulled.io currently is offline.

TIPS

Perhaps the most important lesson here is the reminder that your security online is only as strong as the websites you use with the weakest security.  Whether it is Ashley Madison or Nulled.io or any other site, you should be wary of ever involving yourself with a website or a company that you would be embarrassed to have your involvement made public.

Scam of the day – August 20, 2015 – Ashley Madison hackers release stolen information

Impact Team, the hackers who hacked into Avid Life Media, the company that owns and operates Ashley Madison, the dating site for married people seeking to have an affair, followed through with their threat and have released 9.7 gigabytes of the stolen data including email addresses, credit card transaction details, partial credit card numbers, addresses and even dating profiles.   Among the email addresses were 10,000 US military email addresses and hundreds of US government email addresses although it is important to note that the email addresses used to set up an account with Ashley Madison were not verified by Ashley Madison when accounts were set up so anyone could set up an account using someone else’s email address.  Ashley Madison is not the first dating website to be hacked and have sensitive information released to the public.  In May, Adult Friend Finder, was hacked and personal information of 3.5 million members was released to the public.   Ashley Madison claims to have 40 million users. Impact Team released the information on various  dark web website with the announcement copied below.  Although these dark web websites are encrypted and not generally available, it can be expected that the information will become public soon.

TIPS

One of the key lessons here is that your personal information is only as safe as the places with the weakest security that have your information.  It is for this reason that you should never leave your credit card on file for convenience with a website.  Enter it anew each time you make a purchase on Amazon or any other website that you may go to frequently.  As for Ashley Madison in particular, it is a good lesson to remember that you should never give information to any website that would be a source of embarrassment to you if it were to become public after a data breach.

Customers of Ashley Madison can go to a number of websites that have been recently set up to see if their personal information was among the information compromised.  Here is a link to one of them.   https://ashley.cynic.al/