KrebsOnSecurity is reporting that the online "cheating" site AshleyMadison.com (and other sites run by the Avid Life Media group) has been hacked, with user information compromised by a group called the Impact Team.
The group is threatening to release all data online as a result of alleged lies the ALM group told members unless the sites are entirely shut down.
"Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie," the hacking group wrote. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."
AshleyMadison.com does offer a $20 "Full Delete" option for a user's profile, as detailed in this Ars Technica article from 2014. Obviously, this "Full Delete" is now useless, as the information is already (allegedly) in the hands of the hackers.
Is this a case of altruistic hacking or a possible case of revenge?
(Score: 4, Insightful) by takyon on Monday July 20 2015, @06:44PM
One party (the hackers) committed a crime, the other (adulterers and website) didn't.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Informative) by JNCF on Monday July 20 2015, @07:04PM
From TFA:
> According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.
> “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
If this isn't a crime (IANAL) it certainly sounds like something that warrants their servers getting burned to the ground by an angry mob with pitchforks. If you say you're deleting somebody's data, delete it.
(Score: 2) by bob_super on Monday July 20 2015, @07:26PM
I just deleted all your data from my records. Your credit card will now be charged the $200.000 you had agreed to pay for this service. For your safety and anonymity, you will not receive a duplicate of your receipt.
(Score: 1) by khallow on Tuesday July 21 2015, @12:07AM
> Your credit card will now be charged the $200.000 you had agreed to pay for this service. For your safety and anonymity, you will not receive a duplicate of your receipt.
Won't work. Credit card companies will deny or reverse payment, if the business doesn't have proof of payment.
(Score: 4, Informative) by JNCF on Monday July 20 2015, @07:27PM
Also, I just looked at the AshleyMadison site to see if it has any clear warnings about a data breach. I didn't see any, but did see these claims:
Over 37,610,000 anonymous members!
Ashley Madison is the world's leading married dating service for discreet encounters
Trusted Security Award
100% DISCREET SERVICE
Seems like they're lying to their customers, and should update their site to say "0% DISCREET SERVICE" with much haste.
Really, people should stop trusting centralised websites with personal information that could damage them. That doesn't make it okay to lie to your customers about data security and sell them false promises for $20 a pop, though.
(Score: 2, Interesting) by tftp on Monday July 20 2015, @07:47PM
> That doesn't make it okay to lie to your customers about data security and sell them false promises for $20 a pop, though.
If I were offered such a "full delete", I'd ask how exactly they are going to delete my data from hundreds of backup tapes that are stored in vaults of Iron Mountain and similar companies.
Today very little of what you volunteer to the Internet can be truly deleted. The cost of duplication is very small, and the need for duplication (backups, load sharing, hot standby) is high. Perhaps one of the viable strategies here is not to delete the data, but to poison the data with wrong, misleading information, and to let it propagate through a good number of backup cycles. An active account will not prompt reaching for a backup; a deleted account is likely to be restored only from a recent backup (just before the deletion). You'd have to be very important to force people to order a 3-year-old backup tape and then try to restore it onto a system that may be too new to accept such old data. Maybe the old tapes will be reused - and then you are completely safe.
(Score: 2, Interesting) by Anonymous Coward on Monday July 20 2015, @08:52PM
Easy: per-user encrypted keys stored in a database, with a sign-in unlocking said key. They can back up all they want, but they are only getting the encrypted data. Secure delete on their end equals DELETE FROM userkeys WHERE username=$deleted_user;
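The per-user key scheme from the comment above, as an added sketch that is not part of the original thread or any site's code. The table and function names, the sample data, and the choice of AES-256-GCM with scrypt are assumptions made for illustration.

```javascript
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('crypto');

// Constructed in-memory stand-ins for two database tables (hypothetical names).
const userkeys = new Map(); // username -> { salt, wrappedKey }: the only copy of the data key
const records = new Map();  // username -> [ciphertext blobs]: what backups would capture

// AES-256-GCM; output layout is iv (12 bytes) | auth tag (16 bytes) | ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Sign-in unlocks the key: the random data key is wrapped under a password-derived key.
function register(username, password) {
  const salt = randomBytes(16);
  const wrappedKey = seal(scryptSync(password, salt, 32), randomBytes(32));
  userkeys.set(username, { salt, wrappedKey });
  records.set(username, []);
}
function unlock(username, password) {
  const row = userkeys.get(username);
  if (!row) throw new Error('key row deleted: stored records are unreadable');
  return unseal(scryptSync(password, row.salt, 32), row.wrappedKey);
}
function store(username, password, text) {
  const key = unlock(username, password);
  records.get(username).push(seal(key, Buffer.from(text, 'utf8')));
}
function read(username, password) {
  const key = unlock(username, password);
  return records.get(username).map((b) => unseal(key, b).toString('utf8'));
}

// Equivalent of: DELETE FROM userkeys WHERE username=$deleted_user;
function fullDelete(username) {
  return userkeys.delete(username);
}
```

Deletion holds only while the userkeys table itself stays out of long-lived backups: a restored copy of the wrapped key, together with the user's password, reopens every archived record.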
(Score: 1) by tftp on Monday July 20 2015, @11:15PM
Zero-knowledge setups definitely exist; however, their weakness is in the fact that only the customer has the key, and only the customer can understand the data. This makes it usable only in narrowly defined cases. There are some new patents that describe how to do some limited processing on partially understood data, but it's not interesting to those Web sites. A company that stores c/c numbers when it is not permitted to do so will not be spending even a dime on safeguarding someone else's data. Plenty of those services are focused on fleecing the sheep.
(Score: 2) by JNCF on Monday July 20 2015, @09:08PM
You would be smart to question their "FULL DELETE" offer, obviously. Does the fact that a large number of users are more gullible/ignorant than you make it acceptable to lie to those users and sell them a service you can't deliver? Is it okay for me to launch a website that advertises a "FULL DELETE" of your NSA files for $20, and then doesn't actually do anything? I'd feel like kind of an asshole for doing something like that, a fraud even. The fact that people might actually fall for it wouldn't make me feel like less of an asshole.
(Score: 5, Insightful) by edIII on Monday July 20 2015, @10:52PM
So, wait... this site is specifically for people to perform adultery, with other people wishing to perform adultery, all while being covert.... and on the Internet in a database?
I'm guessing that there does have to be a victim in here someplace deserving of some sympathy perhaps, but I'm going to need teams of people to find this person.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by Phoenix666 on Tuesday July 21 2015, @01:05AM
Given the context of the article IANAL takes on a different meaning for me.
Washington DC delenda est.
(Score: 0) by Anonymous Coward on Monday July 20 2015, @07:42PM
Banks worldwide stole trillions of dollars from taxpayers...legally. Doesn't make it 'OK'.
(Score: 2) by tathra on Monday July 20 2015, @08:42PM
adultery is still illegal [wikipedia.org] in many US states. marriage is a contract, after all, and enforcing contracts is one of the responsibilities of government, otherwise there's no point to them.
(Score: 5, Informative) by takyon on Monday July 20 2015, @08:59PM
https://www.bostonglobe.com/news/nation/2012/11/15/adultery-still-crime-states-including-mass/KiIPGRcFnAeT4CGmenFTKM/story.html [bostonglobe.com]
http://www.scstatehouse.gov/code/t16c015.php [scstatehouse.gov]
Oral sex is also a felony in South Carolina.
(Score: 1) by redbear762 on Monday July 20 2015, @09:55PM
Petraeus's career hasn't been harmed in any significant way except for a major black eye and being known as a cheating asshole to just about everyone; he has been called back to serve as a de facto consultant against ISIS.
(Score: 2) by takyon on Monday July 20 2015, @10:25PM
His career looked a lot worse back in 2012, when that article was written, and in early 2013 [wikipedia.org], when he took a visiting professor position at City University of New York for a $1 salary after the proposed $200,000 salary was slammed.
Since joining KKR Global Institute in May 2013 and getting the slap-on-the-wrist plea deal in March 2015, he has done very well for himself.
(Score: 0, Disagree) by Anonymous Coward on Monday July 20 2015, @10:36PM
Most people know better than to seek legal counsel on their marriages from a newspaper article.
(Score: 2) by takyon on Monday July 20 2015, @10:45PM
Most people are not prosecuted for committing adultery or engaging in oral sex.
(Score: 1) by Nollij on Wednesday July 22 2015, @05:14AM
IANAL, but I suspect Lawrence v. Texas invalidated those laws.
(Score: 3, Insightful) by hash14 on Monday July 20 2015, @10:53PM
This just goes to show how stupid moral laws are.
Do you honestly expect politicians to go on the public record for fair treatment of activities like adultery? They're certainly not worthy of felonies and prison sentences - but they are taboo, and no one wants to be seen doing anything to condone it, hence, they will never be repealed.
How about this for a rule: any law that hasn't been enforced in the previous 10 years must be explicitly renewed to stay enforceable. It might take a bit of creativity to enforce, but this mechanism definitely worked to its intended effect for the US surveillance laws.
(Score: 2) by penguinoid on Tuesday July 21 2015, @07:35AM
Maybe all laws, other than the Constitution, should go up for review every so often. If nothing else, that way politicians don't have to make the same thing illegal again just to show they oppose it. And they also can't bury their support for laws by going "oh well it passed nothing to be done about it anymore".
RIP Slashdot. Killed by greedy bastards.
(Score: 2) by Justin Case on Wednesday July 22 2015, @12:51AM
> any law must be explicitly renewed every 10 years
FTFY
(Score: 0) by Anonymous Coward on Monday July 20 2015, @10:23PM
> One party (the hackers) committed a crime, the other (adulterers and website) didn't.
One party did the right thing and the other didn't.