For those of you harboring secrets behind a website paywall, a word of warning: your skeletons are now easy targets for cyber criminals and nefarious 3rd parties around the globe. The recent data breach and compromise of 3.5 million Ashley Madison user accounts may turn out to be largest case of broad-scale extortion the world has ever seen, but for many—the outcome is hardly surprising.
Commercially motivated attacks are on the rise, with criminals on the constant prowl for new lucrative sources of information to peddle on the black market. And what better place than America's most prominent dating site for cheating spouses?
The Impact Team—the hacker group responsible for the attack—claims to have acted in protest of the website’s unethical business practices. The compromise resulted in the massive theft of user information—real names, credit card information, photos, and sexually explicit chat logs—and could expose millions of married people to public shame and embarrassment. And even if blackmail is not on the hackers’ agenda, the data breach has most likely dealt Ashley Madison a critical, life-threatening blow, as it’s unlikely that a website whose business model revolves around secrecy could recover from such an event—especially if class action lawsuits are in the works.
This attack follows another recent, similar data breach of adult dating site Adult Friend Finder, when more than 3.5 million people's sexual preferences, fetishes and secrets were leaked to the internet. And while no leaked secrets are ever good, the Ashley Madison hack carries some more far-reaching, life-altering implications, potentially impacting millions of married Americans (and clandestine adulterers). For consumers, the message is clear: there is no such thing as secrecy on the internet. For service providers guaranteeing privacy to customers: be prepared to put your money where your mouth is.
Sadly, the truth is that most companies do not consider customer data privacy and protection a first priority. A 2014 report from McAfee revealed that almost 90% of small and medium-sized businesses in the US do not use data protection for company and customer information. Safeguarding critical data and underlying systems should be a foundational component of every organization’s security model—to this end, UpGuard can provide the continuous validation and monitoring required for maintaining a strong security posture against today’s threat landscape.
So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?