Ashley Madison: 'Moral' hacking or old-fashioned stealing?
2015 will be a banner year for cyber thieves, warns an expert. Did morality really motivate the Ashley Madison hackers, or just profit?
A man looks at Ashley Madison's Korean web site on his computer in Seoul, South Korea. Avid Life Media Inc., the parent company of Ashley Madison, a matchmaking website for cheating spouses, reported late Sunday that it was hacked and that the personal information of some of its users was posted online.
Lee Jin-man/AP/File
Hackers: 1, Ashley Madison: 0.
The website has now secured its servers, but it has also agreed to a demand that they allow users to erase their profiles for free, according to a statement released Monday.
Ashley Madison, a site that facilitates secret extramarital affairs for its 37 million users, had previously charged $19 to remove their profiles. "As our customers' privacy is of the utmost concern to us, we are now offering our full-delete option free to any member, in light of today’s news," it said.
The hackers responsible, who go by the name "The Impact Team," managed to steal information from Ashley Madison’s entire client base and even leaked some of the data online. It had claimed that the company was lying about deleting former clients’ information from their servers and was instead keeping data like their names and billing details online. The hackers demanded that the site be permanently shut down and threatened to release the personal information of millions of the site's cheating users.
Ashley Madison denied that it lied about removing users' information from their servers. "The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes," it said.
Hacks like Ashley Madison's are becoming more common. Last year saw a record high in the number of US data breaches, according to the Identity Theft Resource Center (ITRC). Nearly 800 breaches were reported, almost a third more than the number in 2013.
While some breaches are accidental, the leading cause of data breaches is hacking, said the ITRC.
"Without a doubt, 2015 will see more massive takedowns, hacks, and exposure of sensitive personal information like we have witnessed in years past," Adam Levin, founder of cybersecurity firm IDT911, told the ITRC.
He added, "Medical data and business information like intellectual property will be prime targets, with cyber thieves looking for opportunistic financial gain based on black market value, corporate extortion, and cyber terrorism."
The Ashley Madison case may prove to be an extortionate attack, though some maintain that The Impact Team is trying to exemplify "a case of moral vigilantism."
One hacker interviewed by Sky News denied that the group was morally motivated. "They have a better chance of selling on to someone else or to a 'Blackhat Market' on the 'Deep Web.' They’ll profit from this in a big way, especially with the size of this database," said the insider, identified only as "Vinnie."
He added that the hacking community was impressed at the size of the breach and doubted the group would be able to pull off such an attack again, according to Sky News.
The latest attack exposes critical security flaws in a company that claims to work with "leading IT vendors from around the world," and could even threaten Ashley Madison’s plans for an IPO, reported Marketwatch.