Life is short, have an affair! ... and then get outed by hackers (AshleyMadison hacked)

[Dan Druff]

http://gizmodo.com/hackers-threaten-...ium=socialflow







The hackers claim to have access to all 40 million customer records of AshleyMadison.com (a site for married people to cheat), and says they will release everything if the company does not shut down immediately.

Apparently what angered the hackers was not the basic infidelity concept of AshleyMadison, but a scummy feature on there called "Full Delete", which costs users $19. It supposedly wipes the record of your account's existence from their servers (why isn't this free?), but in reality it just removes it from public view, and they keep your personal info on file.

The hackers apparently discovered the deception of "Full Delete", and then decided to issue this ultimatum regarding shutting down or all information being released.

Pretty amazing that so many married people were so gullible as to give their real info to a site like AshleyMadison. How hard is it to buy a prepaid credit card, register it in a fake name, and pay for AshleyMadison that way?

Will be interested to see where this goes...

[sonatine]

gg IPO.

this is going to be a blood bath.

[TheXFactor]

Doesn't surprise me that a website like AshleyMadison has no real security.

Please Select...

Attached Male seeking Females
Attached Female seeking Males
Single Male seeking Females
Single Female seeking Males
Male seeking Males
Female seeking Females
Hackers seeking to Fuck Everyone

Ashley Madison is the world's leading married dating service for discreet encounters
Trusted Security Award
100% DISCREET SERVICE
SSL Secure Site

Over 37,565,000 anonymous members!

[sonatine]

I wouldnt discount their security here without some indication that the compromise was a no-brainer. They were almost certainly PCI level 1 so they probably had at least quarterly third party pen tests done. The sad truth is that one doesnt need to have bad security to get popped these days. If I had to guess, Id say they probably got phished with one of the HT o-days. Pure unadulterated conjecture of course but Occams Razor and all that.

[herbertstemple]

So the hackers are the good guys here?

[simpdog]

So the hackers are the good guys here?

Over 37 million say no.

[Sanlmar]

I wouldnt discount their security here without some indication that the compromise was a no-brainer. They were almost certainly PCI level 1 so they probably had at least quarterly third party pen tests done. The sad truth is that one doesnt need to have bad security to get popped these days. If I had to guess, Id say they probably got phished with one of the HT o-days. Pure unadulterated conjecture of course but Occams Razor and all that.

Remember the bonus question and your answer?

I really and truly dont give a fuck if anyone watches what I do online.

I have always expected you to one day post a screed on privacy. You are obviously witness to the level of fuck ups that work in IT. Assume everything is going to get outed on the corporate side. The trend is your friend or enemy here.

The mention of PCI made me laugh. To me it seemed a good avenue for exploit.
It was some years ago but I was on the fringes of the whole TJ X mess. It surprised me to see how IT allows all kinds of shit to get hung on their network. Nobody is running hard wired controls anymore. Frankly, what I saw was that the security used to meet PCI was itself a great weak link. Access control hung on the network tied to employee data bases (employee badging). IP devices all over the joint that IT does not understand.

I started to have impure thoughts....

It was just revealing and got added to my general unease about personal information.

[Hockey Guy]

Why can't these/you guys meet women the old fashioned way?

 

& by "the old fashioned way" I obviously mean

 

http://pokerfraudalert.com/forum/sho...ght=bill+cosby

[LLL]

http://gizmodo.com/hackers-threaten-...ium=socialflow







The hackers claim to have access to all 40 million customer records of AshleyMadison.com (a site for married people to cheat), and says they will release everything if the company does not shut down immediately.

Apparently what angered the hackers was not the basic infidelity concept of AshleyMadison, but a scummy feature on there called "Full Delete", which costs users $19. It supposedly wipes the record of your account's existence from their servers (why isn't this free?), but in reality it just removes it from public view, and they keep your personal info on file.

The hackers apparently discovered the deception of "Full Delete", and then decided to issue this ultimatum regarding shutting down or all information being released.

Pretty amazing that so many married people were so gullible as to give their real info to a site like AshleyMadison. How hard is it to buy a prepaid credit card, register it in a fake name, and pay for AshleyMadison that way?

Will be interested to see where this goes...

Tell us, Druff.