Update: An important thing to know is Ashley Madison did not use an email verification feature to confirm the veracity of the email.
I can't even begin to tell you how many times I have heard that line when I have discussed privacy issues with someone. The Ashley Madison hack
is the latest high-profile attack on private user data. In case you
aren't aware, the hackers, who go by Impact Team, revealed the personal
information of millions of users of infidelity site Ashley Madison on
Tuesday. The data dump is 10 gigabytes in size (compressed) and
allegedly contains first and last names, addresses, partial credit card
data, phone numbers and hashed passwords for 33 million users.
The
leak also includes PayPal accounts used by Ashley Madison executives,
Windows domain credentials for employees and a large number of internal
documents.
Ashley Madison posted a statement on Tuesday to its media site to report that the company is "actively monitoring and investigating this situation to determine the validity of any information posted online." An ongoing investigation with Canadian law enforcement has been underway since the July attack.
Currently
the personal user information is in raw form living on the dark web and
accessible through the Tor browser only. But 4chan users, who played a
role in leaking images from the celebrity photo hack, are reportedly in
the process of digging through the data and posting what they find
online. Sadly the data that is posted publicly will live for an
internet eternity. Certainly those impacted by the hack will certainly
not say "I don't care, I have nothing to hide" now.
In
today's digital world, we rely on the technological infrastructure to
protect our personal information such as social security number, credit
card information, home address, etc. But with each hack such as Sony, iCloud celebrity photo, Target and the Office of Personnel Management, the technological infrastructure fails to keep that data private.
In my opinion, John Herrman put it best in this post:
It’s
easy to kid about the fact that these people were using a site intended
to help them cheat. But if understood in more abstract terms, this hack
has the potential to alter anyone’s relationship with the devices and
apps and services they use every day. Here were millions of people
expecting the highest level of privacy that the commercial web could
offer as they conducted business they likely wanted to keep between two
people (even if a great number of the emails are junk, or attached to
casual gawkers, the leak claims to contain nine million transaction
records). This hack could be ruinous—personally, professionally,
financially—for them and their families. But for everyone else, it could
haunt every email, private message, text and transaction across an
internet where privacy has been taken for granted. Ashley Madison, in
the strange hacker economy of 2015, may have had an especially big
target on its back. But it’s a powerful reminder of the impossibility of
perfect privacy.
Privacy vs Exposure - today's new normal I think.