Leaderboard ad

Passionfruit ads

Saturday 22 August 2015

Ashley Madison Hack: Opinion Piece

"Cheaters never prosper."

"If they do it with you, they'll do it to you."

"Once a cheater, always a cheater."

You've heard all the sayings.

In light of the Ashley Madison website hack (where hackers threatened to release user's details - the reasons why are detailed below), EVERYONE has an opinion on the whole sorry affair (pardon the pun).

Last night, I posted how you can check if your email address has been 'compromised' by Ashley Madison - see details on how you can check that here) and my friend said she'd checked other peoples' emails and found many interesting results. Thing is, though… you can't check if your husband or wife or ex or, eek, dad is on there, and likely to have used Ashley Madison.

Here is why:

Troy Hunt, the developer behind HaveIBeenPwned.com, has set the Ashley Madison data so that users will only receive an email if they have been hacked. This means you can’t use the website to see if people you want to snoop on have been affected. In a blog post, he explains that he has done this because he doesn’t “believe it’s responsible to make all the AM accounts discoverable by anyone” because the data is “sensitive.”

It’s also worth checking even if you have never signed up for Ashley Madison yourself. The site doesn’t actually verify the email addresses users provide, so it’s easy to sign up with a fake address, or one belonging to someone else. So: this means you could be in there without even realising it.

He says in the blog post (hyperlinked above):

But there’s no escaping the human impact of it. The discovery of one’s spouse in the data could have serious consequences. The stress inflicted on individuals that they may now be “found out” could be significant. Yes, there’s the whole ethical issue of Ashley Madison’s purpose and certainly there’s a lot of very unsympathetic commentary out there, but morals and views of relationship statuses are much more complex than simply concluding that everyone in the dump “deserved it”. What’s more, as fellow security guy Per Thorsheim points out, many of the accounts in the dump may not even be “real” so the exposure of this data may have ramifications for those who had absolutely nothing at all to do with the site.

Does that make sense? It does to me, although it took me a little while to get my head around it because… yes, my email address has been 'compromised'.

Yep, I checked my address to see how Have I Been Pwned works and whaddya know! My email address has been compromised.

How? Am I on Ashley Madison? I don't think so. And here is why... 

I actually remembered that several years ago, when I was researching a story on cheating (like, for real - I even went incognito on some 'jobs' with a private investigator) I signed up to a cheater's site. For the life of me, I can't recall which. But it could well have been Ashley Madison. And I DO remember that before I signed up I told my husband what I was going to do. He completely knew about my story and said, yeah, do what you gotta do. So I did.

I also remember I logged on in full view of him, and I started getting multiple messages thick and fast from men wanting to hook up. After I recovered from my initial shock (but really, what did I expect!) and replied to some of the men so I could cut and paste their convos for my stories (oh hell yes, how else do we get info we need for stories!), I logged on one more time before shutting my laptop down in horror when several men asked to hook up at their hotels when they were in town that weekend.

I have NEVER logged on again, and I struggle to remember which site it was.

And now, to figure out if I actually DID have an account with Ashley Madison, I tried to log on today. Yes, I tried. But I either don't have an account or don't remember my user name and password, or… I really don't have an account and my email address has been compromised in some other way.

I have sent through my 'forgot username and password' request to have both these elements sent to my email inbox, and so far… nothing. So, it looks like I don't have an Ashley Madison account after all.

But if my husband checked on that Pwned site? It would look like I do.

I guess what I am saying is this: if you have checked your partner's email address (and to do this you must go to the Have I Been Pwned site, they send you an email verification to make sure it's you, then you can check) and see something suss, you should tread lightly… ask questions first… berate and lose your shit later. Then make decisions about your relationship.

But, do keep in mind there could be a chance your partner is NOT cheating on you, and they have not hooked up with anyone.

Or, it could be that it's an old account they opened, and since you came along, they haven't been on. Oh, who knows. I am not making excuses for them, only they know the truth.

One thing is for sure: if you are on there and you don't tell your partner, it could be time to bloody well clean up your act. Take a good look at yourself and fix what's broken rather than look for it elsewhere. Don't take the people you love most down as collateral damage by ending a marriage, by having a fling with someone who couldn't give a shit about you, and they damage they'll do to your actual real life. And the actual people/person you love.

None of what I am saying above promotes the act of cheating. I am deadset against it.

Oh, and let's not forget that hacking is a crime. A CRIME. And: we should ALL be thoroughly pissed off and concerned about it all.

Today, it happened on a cheater's site. Tomorrow, it could be your eBay account, or your bank account.

Do YOU want hackers to be that savvy that they can hack into your personal stuff, trawl through your life? Didn't think so.

Here are some other perspectives on the whole sorry saga:

And read this. 

And, now: the hackers are said to have dick pics. Yes.

From this informative piece from wired.com:

And it’s only bound to get worse. In an interview with Motherboard, the hackers said they have 300 GB of employee emails in their possession, plus tens of thousands of Ashley Madison user pictures as well as user messages. 
“1/3 of pictures are dick pictures and we won’t dump,” they told Motherboard. “Not dumping most employee emails either. Maybe other executives.”

SO. Why has this hack happened in the first place?

Among other reasons best explained in the wired.com article above, hackers took issue with how Ashley Madison promised to delete customer data for a fee, then failed to delete it all. For the $19 fee, Ashley Madison said it would erase all “traces” of a customer’s activity on the Ashley Madison site.
The company went on to make more than $1.7 million through this service in 2014 alone, but (according to the hackers), never fully deleted customer data. Instead they deleted it from the public-facing parts of the site, but retained it on backend servers.
What do YOU think about the whole thing?

No comments:

Post a Comment