As with all privacy breaches there are multiple victims here. The customers whose personal data has been leaked, as well as the company trusted to keep it secure; a trust that may never be regained.
However, what makes this case highly significant is the collateral damage that will likely spread beyond just the direct privacy breach. Family ‘secrets’ are revealed and victims are ‘ousted’ – seemingly at the hands of apparent anonymous hackers.
The hackers have released the information with an invitation to “Find someone you know in here?” followed by “Keep in mind the site is a scam with thousands of fake female profiles”.
On that note, remember that the information obtained and released by hackers in data breaches by their very definition is never verified by the companies who are breached, and so this brings into question the integrity of all the data, regardless of how authentic it might seem. For example, there may be deliberately false information inserted by the hackers into the leaked AshleyMadison.com data designed to damage reputations or serve another agenda. Initial reports suggest the data includes many falsified records.
Here’s a summary of the exact data that was breached:
- Full names and addresses
- Email addresses
- Credit card transactions
- GPS Coordinates
- User Names & Passwords
- Sexual Preference
- Height, Weight, physical characteristics
- Smoking and drinking habits
Today’s breach may well affect nearly 30 million victims, and maybe you don’t know any of them… this time. Next time, in another context, it could be you. With the obvious interest in this data set, there is an opportunity here for the rest of us.
Given the personal and intimate nature of the data, can we as users still protect the privacy of those that have been compromised? Perhaps as users we can offset part of the harm, and at a minimum not aggravate it by ignoring the content of the disclosure. We don’t have to give the hackers power by consuming the illegally breached information.
Until next time, stay safe out there.
August 20, 2015