{"id":5047,"date":"2015-07-21T00:51:40","date_gmt":"2015-07-21T04:51:40","guid":{"rendered":"http:\/\/www.kaspersky.co.in\/blog\/?p=5047"},"modified":"2017-05-16T10:43:20","modified_gmt":"2017-05-16T14:43:20","slug":"the-cheating-website-in-an-involuntary-affair-with-hackers","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/the-cheating-website-in-an-involuntary-affair-with-hackers\/5047\/","title":{"rendered":"The cheating website in an involuntary affair with hackers"},"content":{"rendered":"<div class=\"entry-content\">\n<div>\n<p>The \u2018It wasn\u2019t me\u2019 phrase is not going to fly for users of the Ashley Madison dating site as the personal records of 37 million users have been stolen. Hackers threaten to release the entire database of the site if owners do not shut down two of their hookup sites.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2015\/07\/05090905\/ashleymadison-1-en-1024x646.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-9372\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2015\/07\/05090905\/ashleymadison-1-en-1024x646.jpg\" alt=\"Ashley Madison, website for extramarital affair dating is hacked\" width=\"1920\" height=\"1212\"><\/a><\/p>\n<p>The popular dating site \u2018Ashley Madison\u2019 with the provocative slogan <i>\u201cLife is short. Have an affair\u201d<\/i> and the \u2018Established Men\u2019 website that sets up rich men with women \u2014 both belong to the Avid Life Media company. Hackers claim to punish ALM\u2019s unfair practices: the company reportedly asks its customers to pay a $19 fee for completely erasing their profiles but actually does not wipe clients\u2019 data as promised.<\/p>\n<p>The attackers said: <i>\u201cUsers almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.\u201d<\/i><\/p>\n<blockquote class=\"twitter-pullquote\"><p>The #cheating website in an involuntary affair with #hackers. #security #privacy<\/p>\n<p><a class=\"btn btn-twhite\" href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F55bN&amp;text=The+%23cheating+website+in+an+involuntary+affair+with+%23hackers.+%23security+%23privacy\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/p><\/blockquote>\n<p>Advocating justice, hackers demand ALM to permanently take both websites offline in all forms. Otherwise real customers names and addresses together with information about their secret sexual fantasies will be published online.<\/p>\n<p>Hackers graciously permit the company to keep the other sites online (the only other site that belongs to ALM is the Cougar Life that connects older women with younger men). The company responds by charging attackers for committing a criminal act.<\/p>\n<p>\u00a0<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/TDSBreakingNews?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#TDSBreakingNews<\/a> Cheating website Ashley Madison hacked. Back to cheating the old-fashioned way: with wife's sister.<\/p>\n<p>\u2014 The Daily Show (@TheDailyShow) <a href=\"https:\/\/twitter.com\/TheDailyShow\/status\/623267412696150017?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 20, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u00a0<\/p>\n<p>KrebsOnSecurity reports that samples of stolen data had been already published on the web to prove the hack, but ALM managed to remove published data shortly after the incident. The company confirmed the breach and stated that it engaged \u2018leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident\u2019.<\/p>\n<p>It\u2019s quite possible that an individual with the inside access to the company\u2019s network is involved \u2014 a former employee or a contractor. An indirect proof for this theory lies in the apology note that the attacker addresses to the ALM director of security: <i>\u201cOur one apology is to Mark Steele. You did everything you could, but nothing you could have done could have stopped this\u201d<\/i>.<\/p>\n<p>\u00a0<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Dating site, Match are putting user data at risk with non-HTTPS login. Via <a href=\"https:\/\/twitter.com\/arstechnica?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@arstechnica<\/a> \u2013 <a href=\"http:\/\/t.co\/8ojiCWsxbL\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/8ojiCWsxbL<\/a> <a href=\"http:\/\/t.co\/3gmkxE7w83\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/3gmkxE7w83<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/590556986808393729?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u00a0<\/p>\n<p>For ALM huge revenue is at stake: according to the hackers, the profile removal service alone brought the company about $1.7 million in 2014. The whole Ashley Madison project is rated about $1 billion.<\/p>\n<p>Currently ALM doesn\u2019t seem to be ready to follow hackers\u2019 demands and close their business. On the other hand, the privacy of 37 million of cheaters is thrown into the mix. If you put morality issues and possible family problems aside, the data can be used by other cybercriminals for phishing attempts or banking fraud.<\/p>\n<p>It\u2019s not clear who is the first to blame: ALM that promised security to its users or the users themselves. A recent Electronic Frontier Foundation report shows that dating sites are very dangerous from security\/privacy point of view. Just a couple of months earlier another dating site was hacked and more than 3.5 million people\u2019s sexual preferences, fetishes and secrets have been exposed.<\/p>\n<p>\u00a0<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">6 heartbreaking <a href=\"https:\/\/twitter.com\/hashtag\/privacy?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#privacy<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> flops on major online dating sites \u2013 and what you can do about it. <a href=\"https:\/\/t.co\/jrY3xXw8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/jrY3xXw8<\/a><\/p>\n<p>\u2014 EFF (@EFF) <a href=\"https:\/\/twitter.com\/EFF\/status\/168038587873497088?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 10, 2012<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u00a0<\/p>\n<p>When you\u2019re paying with a credit card for intimate goods and services, you share your sensitive information with the seller \u2014 and with every hacker who will be bold enough to hack the seller\u2019s system. Once the data is released online there is no way to take it down.<\/p>\n<p>That\u2019s why it\u2019s vital to think about basic security:<\/p>\n<p>\u2013 use encrypted communication channels;<br>\n\u2013 pay in cash if you don\u2019t want your data to be recorded and used by unfair sellers;<br>\n\u2013 use a different email account and a nickname for dating websites.<\/p>\n<p>\u00a0<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Dating in the digital age &amp; staying safe online. <a href=\"http:\/\/t.co\/FVE0ylNElM\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/FVE0ylNElM<\/a>   <a href=\"https:\/\/twitter.com\/hashtag\/onlinedating?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#onlinedating<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/onlinesecurity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#onlinesecurity<\/a> <a href=\"http:\/\/t.co\/PdNZZMIzuS\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/PdNZZMIzuS<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/568939467010142209?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u00a0<\/p>\n<p>ALM claims that it\u2019s close to identifying the hackers responsible. Unfortunately, it\u2019s unclear if they finish the investigation in time to save privacy of millions of their users.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The \u2018It wasn\u2019t me\u2019 phrase is not going to fly for users of the Ashley Madison dating site as the personal records of 37 million users have been stolen. Hackers<\/p>\n","protected":false},"author":522,"featured_media":5048,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1129,78,43,192,97,1130],"class_list":{"0":"post-5047","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-dating-sites","9":"tag-hackers","10":"tag-privacy","11":"tag-protection","12":"tag-security-2","13":"tag-sensitive-data"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/the-cheating-website-in-an-involuntary-affair-with-hackers\/5047\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/the-cheating-website-in-an-involuntary-affair-with-hackers\/3280\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/dating-sites\/","name":"dating sites"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/5047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=5047"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/5047\/revisions"}],"predecessor-version":[{"id":7055,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/5047\/revisions\/7055"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/5048"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=5047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=5047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=5047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}