Ashley Madison Users Should Have Taken Precautions

Cybercriminals monetize stolen data in many different ways. They can make fraudulent purchases with stolen credit cards, sell stolen email addresses to spammers, and even parlay stolen personal data into full-scale identity theft. But it seems that the Impact Team hackers who robbed online infidelity site Ashley Madison a month ago may have been motivated by…morality?

Ashley Madison's motto is, "Life is short. Have an affair," and apparently at least 37 million people gave it a try. That's how many user accounts were compromised in the attack. But instead of selling or abusing the stolen data, the perpetrators made one simple demand: Shut down Ashley Madison and its nasty related sites, or we will expose your users to the world.

Time's Up!
Apparently Ashley Madison's principals valued the income from their sites more than the privacy of their users; they didn't shut down. And yesterday, the hacking group made good on their threat, releasing the data anonymously via the TOR network.

Digital news outlet Quartz downloaded the data and provisionally verified its validity. The stolen records include full names, date, city, country, and email addresses, as well as the last four digits of the credit card used. Account usernames and passwords were also present, but thoroughly encrypted.

In a statement released along with the stolen data, the Impact Team claimed that Ashley Madison is a scam, with thousands of fake female profiles, and that 90 to 95 percent of actual users are male. The statement encourages anyone whose data was leaked to sue parent company Avid Life Media and claim damages, and to "learn your lesson and make amends." (If you click the link to view the statement, you'll see what seem to be garbage characters at the top. Formatted correctly, they spell "TIME's UP!" in ASCII art.)

Can You Stay Safe?
The Impact Team suggests that most male Ashley Madison subscribers never do get as far as an affair, because most of the female profiles are fake. If you signed up, whether or not you actually met "someone special," it's time to confess. Better to come clean than to have your spouse find out second-hand. (We have seven things you can do to keep the mayhem to a minimum.)

If your credit card data is stolen in a breach, the bank just issues a new one. But if your infidelity is exposed, nobody can issue you a new marriage. Anything you put online can potentially be exposed, so perhaps you should take your affairs off the grid. Failing that, play it smart. Consider creating a burner account for the most sensitive sites. And every time you create an account on any website, fill in only the required fields, nothing more. Your data may still get stolen, but you can minimize the damage.

About Our Expert

Neil J. Rubenking

Principal Writer, Security

My Experience

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

The Technology I Use

Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMWare Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.

I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.

I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.

Read the latest from Neil J. Rubenking

Read full bio