
SoylentNews is people

posted by cmn32480 on Monday July 20 2015, @05:49PM
from the cheaters-never-prosper dept.

KrebsOnSecurity is reporting that the online "cheating" site AshleyMadison.com (and other sites run by the Avid Life Media group) has been hacked, with user information compromised by a group called the Impact Team.

The group is threatening to release all the data online unless the sites are entirely shut down, citing alleged lies the ALM group told its members.

"Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie," the hacking group wrote. "Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed."

AshleyMadison.com does offer a $20 "Full Delete" option for a user's profile, as detailed in this ArsTechnica article from 2014. Obviously, this "Full Delete" is now useless, as the information is already (allegedly) in the hands of the hackers.

Is this a case of altruistic hacking or a possible case of revenge?


  • (Score: 4, Informative) by JNCF on Monday July 20 2015, @07:04PM

    by JNCF (4317) on Monday July 20 2015, @07:04PM (#211522) Journal

    From TFA:

    According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

    “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”

    If this isn't a crime (IANAL) it certainly sounds like something that warrants their servers getting burned to the ground by an angry mob with pitchforks. If you say you're deleting somebody's data, delete it.

  • (Score: 2) by bob_super on Monday July 20 2015, @07:26PM

    by bob_super (1357) on Monday July 20 2015, @07:26PM (#211532)

    I just deleted all your data from my records. Your credit card will now be charged the $200.000 you had agreed to pay for this service. For your safety and anonymity, you will not receive a duplicate of your receipt.

    • (Score: 1) by khallow on Tuesday July 21 2015, @12:07AM

      by khallow (3766) Subscriber Badge on Tuesday July 21 2015, @12:07AM (#211673) Journal

      Your credit card will now be charged the $200.000 you had agreed to pay for this service. For your safety and anonymity, you will not receive a duplicate of your receipt.

      Won't work. Credit card companies will deny or reverse payment, if the business doesn't have proof of payment.

  • (Score: 4, Informative) by JNCF on Monday July 20 2015, @07:27PM

    by JNCF (4317) on Monday July 20 2015, @07:27PM (#211533) Journal

    Also, I just looked at the AshleyMadison site to see if it has any clear warnings about a data breach. I didn't see any, but did see these claims:

    Over 37,610,000 anonymous members!

    Ashley Madison is the world's leading married dating service for discreet encounters

    Trusted Security Award

    100% DISCREET SERVICE

    Seems like they're lying to their customers, and should update their site to say "0% DISCREET SERVICE" with much haste.

    Really, people should stop trusting centralised websites with personal information that could damage them. That doesn't make it okay to lie to your customers about data security and sell them false promises for $20 a pop, though.

    • (Score: 2, Interesting) by tftp on Monday July 20 2015, @07:47PM

      by tftp (806) on Monday July 20 2015, @07:47PM (#211541) Homepage

      That doesn't make it okay to lie to your customers about data security and sell them false promises for $20 a pop, though.

      If I were offered such a "full delete", I'd ask how exactly they are going to delete my data from hundreds of backup tapes that are stored in vaults of Iron Mountain and similar companies.

      Today very little of what you volunteer to the Internet can be truly deleted. The cost of duplication is very small, and the need for duplication (backups, load sharing, hot standby) is high. Perhaps one of the viable strategies here is not to delete the data, but to poison the data with wrong, misleading information, and to let it propagate through a good number of backup cycles. An active account will not prompt reaching for a backup; a deleted account is likely to be restored only from a recent backup (just before the deletion). You'd have to be very important to force people to order a 3-year-old backup tape and then try to restore it onto a system that may be too new to accept such old data. Maybe the old tapes will be reused - and then you are completely safe.

      • (Score: 2, Interesting) by Anonymous Coward on Monday July 20 2015, @08:52PM

        by Anonymous Coward on Monday July 20 2015, @08:52PM (#211573)

        Easy: per-user encrypted keys stored in a database, with a sign-in unlocking said key. They can back up all they want, but they are only getting the encrypted data. Secure delete on their end equals DELETE FROM userkeys WHERE username=$deleted_user;
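
The per-user key scheme from the comment above, as an added example (not part of the original thread and not any site's code): each profile is sealed under a random data key, that key is wrapped under a key derived from the sign-in password, and deleting the `userkeys` row leaves the backed-up ciphertext unreadable. Assumptions: the key table lives apart from long-retention backups, the helper names are hypothetical, and a SHA-256 keystream with HMAC stands in for a real AEAD such as AES-GCM to keep the example stdlib-only.

```python
import hashlib, hmac, os, sqlite3

def _subkeys(key):
    return hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")

def _xor_stream(key, nonce, data):
    # SHA-256 counter-mode keystream: stdlib stand-in for a real AEAD such as AES-GCM.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc, nonce, plaintext)
    return body + hmac.digest(mac, body, "sha256")

def unseal(key, blob):
    enc, mac = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(mac, body, "sha256")):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(enc, body[:16], body[16:])

def kek(password, salt):  # key-encryption key, derived from the sign-in password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(keys_db, data_db, user, password, record):
    data_key, salt = os.urandom(32), os.urandom(16)
    keys_db.execute("INSERT INTO userkeys VALUES (?, ?, ?)",
                    (user, salt, seal(kek(password, salt), data_key)))
    data_db.execute("INSERT INTO profiles VALUES (?, ?)", (user, seal(data_key, record)))

def read_profile(keys_db, sealed, user, password):
    row = keys_db.execute("SELECT salt, wrapped FROM userkeys WHERE username = ?", (user,)).fetchone()
    if row is None:
        return None  # key row gone: the ciphertext can no longer be opened
    return unseal(unseal(kek(password, row[0]), row[1]), sealed)

def demo():
    keys_db, data_db = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    keys_db.execute("CREATE TABLE userkeys (username TEXT PRIMARY KEY, salt BLOB, wrapped BLOB)")
    data_db.execute("CREATE TABLE profiles (username TEXT PRIMARY KEY, sealed BLOB)")
    record = b"name=Alice Example; addr=1 Test Street"  # constructed sample data
    register(keys_db, data_db, "alice", "constructed-passphrase", record)
    tape = data_db.execute("SELECT sealed FROM profiles").fetchone()[0]  # backup copy
    before = read_profile(keys_db, tape, "alice", "constructed-passphrase")
    keys_db.execute("DELETE FROM userkeys WHERE username = ?", ("alice",))  # the "full delete"
    after = read_profile(keys_db, tape, "alice", "constructed-passphrase")
    return record, tape, before, after
```

The delete only shreds the data if no retained backup also holds the `userkeys` row; a tape that captured both tables can still be opened by anyone who learns the password.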

        • (Score: 1) by tftp on Monday July 20 2015, @11:15PM

          by tftp (806) on Monday July 20 2015, @11:15PM (#211649) Homepage

          Zero-knowledge setups definitely exist; however, their weakness is in the fact that only the customer has the key, and only the customer can understand the data. This makes it usable only in narrowly defined cases. There are some new patents that describe how to do some limited processing on partially understood data, but it's not interesting to those Web sites. A company that stores c/c numbers when it is not permitted to do so will not be spending even a dime on safeguarding someone else's data. Plenty of those services are focused on fleecing the sheep.

      • (Score: 2) by JNCF on Monday July 20 2015, @09:08PM

        by JNCF (4317) on Monday July 20 2015, @09:08PM (#211581) Journal

        You would be smart to question their "FULL DELETE" offer, obviously. Does the fact that a large number of users are more gullible/ignorant than you make it acceptable to lie to those users and sell them a service you can't deliver? Is it okay for me to launch a website that advertises a "FULL DELETE" of your NSA files for $20, and then doesn't actually do anything? I'd feel like kind of an asshole for doing something like that, a fraud even. The fact that people might actually fall for it wouldn't make me feel like less of an asshole.

    • (Score: 5, Insightful) by edIII on Monday July 20 2015, @10:52PM

      by edIII (791) on Monday July 20 2015, @10:52PM (#211637)

      Ashley Madison is the world's leading married dating service for discreet encounters

      So, wait... this site is specifically for people to perform adultery, with other people wishing to perform adultery, all while being covert.... and on the Internet in a database?

      I'm guessing that there does have to be a victim in here someplace deserving of some sympathy perhaps, but I'm going to need teams of people to find this person.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 2) by Phoenix666 on Tuesday July 21 2015, @01:05AM

    by Phoenix666 (552) on Tuesday July 21 2015, @01:05AM (#211693) Journal

    Given the context of the article IANAL takes on a different meaning for me.

    --
    Washington DC delenda est.