CompuClever Blog

A Personal Encounter with Ashley Madison

by

What are the consequences to piracy that involves millions of users and personal information? We look at both the overall effect of the greatest hack in modern day as well as how it came to our attention through someone seeking our support and professional guidance. We offer here testimony and strategy.

Unless you have been living under a rock for the past few months, you must have heard about the Ashley Madison account hack. This was where hackers released the entire user database of names, email addresses, billing information, and account details of 38 million users tied to the site. Some described the historical hack episode as an extinction-level event for privacy.

Jeff Yang, a columnist for The Wall Street Journal, asked this simple but stern question in his CNN-syndicated commentary – Ashley Madison hack: privacy becomes extinct. Comparing the incident to the prehistoric planet-wide catastrophe that wiped out the Jurassic World, Yang declared that the data hack of the Toronto-based infidelity website was “an extinction-level event for privacy”.

Attack Aftermath

We were shocked when we first learned that hackers managed to steal close to 40 million users’ records from Ashley Madison, which made claims shortly after the incident that its members remained anonymous. However, in early August 2015 it was clear that this was not the case as hackers released details of millions of email addresses, billing information, and account details tied to the site[1].

As a group of seasoned IT professionals who have been actively involved with security R&D for a number of years, we can tell this hack event was different from all previous data leakages that impacted large corporations and national-level government agencies. This time, the privacy of many ordinary people – with repercussions to job, relationships, family life, marriage, and personal life – was exploited, ripped apart, and taken away.

What was the impact to this? Heartless spammers sent extortion emails to people demanding ransom in return of “wiping records clean”[2]. Adding salt to the wound, class action lawsuit experts and divorce lawyers are circling victims smelling hefty legal fees in the air. The rippling effect of the biggest privacy invasion in human history will be felt for a long time to come. Sadly, we CANNOT be fooled by those spamming extortionists; data leakage is just like waste water leakage – there is no way to retract or wipe absolutely clean what’s already there.

A Personal Encounter

Just a few weeks ago, the core group here at CompuClever was caught in a “personal” encounter with the Ashley Madison aftermath. A seemly normal support email came from a user requesting help with opening a very large (approximately 10 GB), compressed file. The technical support specialist who was dealing with the ticket noticed something abnormal – the origin of the file resides on “The Pirate Bay”, a controversial pirate website usually referred to as part of the “darker side of the web”. Due to the security concern, this case was quickly escalated to our co-founder and Chief Product Officer Yida Mao, who is also our in-house security expert.

Using an isolated environment, Yida led our security analysts to identify the contents of the large compressed file which actually contained the entire dataset of the Ashley Madison user account database. Due to security pre-cautions and with suspicion of possible computer virus contamination within the compressed file, we immediately notified the user to delete and quarantine the file without her having to opening it. We were told by this user that she had strong feelings that her partner had been active on the Ashley Madison site and wanted confirmation. We utilized alternative and safe methods to fulfill her queries and she was grateful.

When global-scale security breaches like that of Ashley Madison happen, we always have mixed feelings of horror and sympathy, along with a sense of responsibility. The magnitude of the hack, for both the number of people involved and the level of impact is HUGE. Can you imagine if the privacy and secrecy of the entire nation of Canada (approximately 36 million) was hacked, exposed, and ripped apart? Meanwhile, as IT professionals who are actively involved with R&D in the realm of PC security and optimization, we also feel deeply compelled to reach out to our families, friends, and to our users and readers in order to awake their sense of online security. Cyber security breach and privacy invasion is no longer something you only read about in cold war novels or watch in Jason Bourne movies, it is happening to people around us or may have already impacted you and your family.

Recommendations

So what can you do instead of just being paranoid? “Be vigilant and aware of your digital surroundings, just as you should be aware of your physical surroundings” says Yida Mao who has managed multiple R&D teams in the cyber security field and published research findings at several international software consortiums. He offers three core principles for protecting your cyber security and privacy:

  • Be aware of what’s already on your PC: Your PC has a lot of information to tell about you, including your personal data, financial records, photos, tax filings, family tree information, and more. Anything that physically reside on your PC can be stolen and exposed. Read more about how to safely remove sensitive information from your PC…
  • Be aware of what’s getting stored on your PC: Unless your PC is never connected to the Internet, you always face the risk of cyber-attacks or privacy intrusions. Your PC is not designed to battle any of these attacks alone and neither should you. Get comprehensive security software like CompuClever Antivirus PLUS to fend off cyber-attacks.
  • Be aware of what’s being sent from your PC: Frequently you, or your PC, will send out sensitive information or data without your full permission or intent. Do you have a data filtering mechanism to prevent information like your credit card numbers or social security numbers from being leaked out? If not, you should use something equivalent to the Data Protection function in CompuClever Antivirus PLUS to safeguard your personal data.

We urge you to take time and assess what protective measures you have put in place to safeguard your information and your privacy, regardless what software or tools you choose to use. Do not delay or procrastinate, cyberattacks do not wait for you – instead, they catch you off-guard.

In Summary

We are excited to be able to provide an AV product that can equip you with tools designed to safeguard you from cyber attacks. Together with our prior technologies such as PC Clean Maestro you can be more proactive in protecting your privacy and securing your personal information in order to safely enjoy your PC computing practices. We plan to continue covering this theme of protection and security in upcoming articles and welcome your feedback.

Please keep in mind… if you have some ideas of topics you would like us to cover or have other feedback to offer, email us at: newsletter@compuclever.com

 

[1] CNN: Hackers released details of hacked Ashley Madison accounts.
[2] CNN: Spammers sent extortion emails to Ashley Madison users.