Free cheating site
Ashley Madison users, you are “cheating dirtbags” in the judgmental eyes of whoever attacked the adulterers’ dating site, and, with no sympathy forthcoming from the culprits, your personal details are in danger of being published, if they haven’t already.The attackers claim that the personal, intimate data they’ve breached includes all customer records: secret sexual fantasies, nude photos, conversations, credit card transactions, real names and addresses, plus the dating site company’s employee documents and emails.In another statement, ALM claimed there was nothing it could have done better to prevent the attack: “no company’s online assets are safe from cyber-vandalism,” despite having the “latest privacy and security technologies.” Impact Team agreed, apologizing to ALM’s security head: Many questions remain unanswered, including how ALM stored users’ passwords: were they properly salted and hashed, for example?Hashes are the best way to handle passwords because you can create a hash from a password, but you can’t recreate a password from a hash.On Monday morning, ALM announced that it had already used copyright infringement takedown requests to have “all personally identifiable information about our users” deleted from the unnamed websites where it was published.
This assumption about gender is incorrect, but the point is moot: a female friend of mine who formerly used Ashley Madison tells me that, being a woman, she never had to pay, and she had the smarts to fictionalize all her user information: According to the Impact Team’s manifesto, this is comeuppance for ALM having “promised secrecy” that it didn’t deliver.
Another unanswered question: was ALM storing credit card security codes – also known as CVVs, CVV2, CID, or CSC – along with account information? Payment card regulations known as PCI-DSS specifically forbid the storage of a card’s security code or any “track data” contained in the magnetic strip on the back of a credit card.
The attack on Ashley Madison is only the latest example of why it’s imperative that we all choose strong, unique passwords – one site, one password.
For its part, ALM has published a statement on Ashley denying those accusations – the full-delete feature works just as advertised, the company said – and announced that full-delete is now offered free of charge to all members: Contrary to current media reports, and based on accusations posted online by a cyber criminal, the "paid-delete" option offered by Ashley does in fact remove all information related to a member's profile and communications activity.
The process involves a hard-delete of a requesting user's profile, including the removal of posted pictures and all messages sent to other system users' email boxes.