It has been a year since the Ashley Madison breach, where the personal information of millions of users was leaked to the public after a hack. The private data that was leaked included the usual account names, email addresses, and passwords, but it also included things like the user’s sexual practices, orientation, and fantasies. The Ashley Madison breach has become one of the most notorious cases of mass hacking. An investigation by the Canada’s Privacy Commissioner and Australian Information Commissioner not only confirms that it also reveals even more damning details about the infidelity website.
Fictitious Awards and False Promises
Before the attack, the Ashley Madison homepage boasted a “trusted security award” icon and claimed that the service offered a “100% discreet service.” Both claims weren’t true, as even the Privacy Policy said that the site could not guarantee security and that customers were using Ashley Madison at their own risk. The document states that:
“You acknowledge that although we strive to maintain the necessary safeguards to protect your personal data, we cannot ensure the security or privacy of information you provide through the Internet and your email messages.”
The general impressions given to users by all these icons and the attractive lady giving the “Shush” sign was that the site had very high-security standards. Most users wouldn’t bother to check how safe their information would be before giving it away.
The site used encryption, but it was fairly weak and easy to crack. The encryption keys were stored on easily accessible systems within Ashley Madison.
Ashley Madison Broke Privacy Laws
The report states that the infidelity dating site broke the Privacy laws of Canada and Australia. It’s very probable that these aren’t the only two countries. While the Ashley Madison headquarters are located in Toronto, Canada, the site conducted business in 53 countries. The breach included the personal information of 36 million accounts. Ashley Madison ran a paid removal of information service that cost $19, but in reality, the “removed” data still lingered in the site’s archives and was exposed along with the other users.
Ashley Madison also reportedly fabricated female accounts and used bots to send fake messages to male users. The male-female ratio was also very uneven; some estimates claim that 95% of the site’s users were male.
It’s pretty ironic that a site about cheating and infidelity would lie to its users about the security of their files. It would almost be poetic justice if the hack didn’t do harm to innocent people. The ALM accounts could have been made for a prank, or even as an email mistype by a random user. These accidents are bound to create some inconvenience to the affected people.
Protection Against Theft of Personal Information
While the Ashley Madison system was far from perfect, there’s no way to guarantee 100% security. Once uploaded in on the web, the data stays there for a long time, like the Space Jam website. Even sites that promise privacy, like ALM, can’t provide it in every possible scenario. Users are going to have to do that by themselves. Our advice would be to avoid most dating, or sex sites, as they demand a huge amount of information.
This should go without saying, but a lot of people (including Ashley Madison users) neglect it: putting any personal data on the Internet carries a lot of risks. That’s true even if the personal information is posted on otherwise trustworthy sites like Facebook or Google+. As of now, no website is completely secure, and the only way to protect your personal information form hacking is to keep it out of the Internet.
