请输入您要查询的百科知识:

 

词条 Ashley Madison data breach
释义

  1. Timeline

  2. Impact and ethics

  3. Data analysis

  4. See also

  5. References

{{Use dmy dates|date=September 2015}}{{Computer hacking}}

In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site's user base and threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down. On 18th and 20th of August, the group leaked more than 25 gigabytes of company data, including user details.

Because of the site's policy of not deleting users' personal information – including real names, home addresses, search history and credit card transaction records – many users feared being publicly shamed.[1]

Timeline

The Impact Team announced the attack on 15 July 2015 and threatened to expose the identities of Ashley Madison's users if its parent company, Avid Life Media, did not shut down Ashley Madison and its sister site, "Established Men".[2]

On 20 July 2015, the website put up three statements under its "Media" section addressing the breach. The website's normally busy Twitter account fell silent apart from posting the press statements.[3] One statement read:

{{quote|At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible. Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online.[4]|align=center}}

The site also offered to waive the account deletion charge.

Although Ashley Madison denied reports that a mass release of customer records occurred on 21 July,[5] over 60 gigabytes worth of data was confirmed to be valid on 18 August.[6] The information was released on BitTorrent in the form of a 10 gigabyte compressed archive and the link to it was posted on a dark web site only accessible via the anonymity network Tor.[7] The data was cryptographically signed[8] with a PGP key. In its message, the group blamed Avid Life Media, accusing the company of deceptive practices: "We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data ... Too bad for ALM, you promised secrecy but didn't deliver."[9]

In response, Avid Life Media released a statement that the company was working with authorities to investigate, and said the hackers were not "hacktivists" but criminals.[10] A second, larger, data dump occurred on 20 August 2015, the largest file of which comprised 12.7 gigabytes of corporate emails, including those of Noel Biderman, the CEO of Avid Life Media.[11]

In July 2017, Avid Life Media (renamed Ruby Corporation) agreed to settle two dozen lawsuits stemming from the breach for $11.2 million.[12][13]

Impact and ethics

None of the accounts on the website need email verification for the profile to be created, meaning that people often create profiles with fake email addresses, and sometimes people who have similar names accidentally confuse their email address, setting up accounts for the wrong email address. Ashley Madison's company required the owner of the email account to pay money to delete the profile, preventing people who had accounts set up against their consent (as a prank or mistyped email) from deleting them without paying.[14] Hackers allege that Avid Life Media received $1.7 million a year from people paying to shut down user profiles created on the site. The company falsely asserted that paying them would "fully delete" the profiles, which the hack proved was untrue.[14]

Following the hack, communities of internet vigilantes began combing through to find famous individuals, who they planned to publicly humiliate.[16] France24 reported that 1,200 Saudi Arabian .sa email addresses were in the leaked database, and in Saudi Arabia adultery can be punished with death.[15] Several thousand U.S. .mil and .gov email addresses were registered on the site.[16][17][18] In the days following the breach, extortionists began targeting people whose details were included in the leak, attempting to scam over US$200 worth of Bitcoins from them.[19][20][21] One company started offering a "search engine" where people could type email addresses of colleagues or their spouse into the website, and if the email address was on the database leak, then the company would send them letters threatening that their details were to be exposed unless they paid money to the company.[22][23]

A variety of security researchers and internet privacy activists debated the media ethics of journalists reporting on the specifics of the data, such as the names of users revealed to be members.[24][25][26][27] A number of commentators compared the hack to the loss of privacy during the 2014 celebrity photo hack.[28][29]

Clinical psychologists argued that dealing with an affair in a particularly public way increases the hurt for spouses and children.[30] Carolyn Gregoire argued that "Social media has created an aggressive culture of public shaming in which individuals take it upon themselves to inflict psychological damage" and that more often than not, "the punishment goes beyond the scope of the crime."[30] Graham Cluley argued that the psychological consequences for people shamed could be immense, and that it would be possible for some to be bullied into suicide.[31][32] Charles J. Orlando, who had joined the site to conduct research concerning women who cheat, said he felt users of the site were anxious the release of sexually explicit messages would humiliate their spouses and children.[33] He wrote it is alarming "the mob that is the Internet is more than willing to serve as judge, jury, and executioner" and members of the site "don't deserve a flogging in the virtual town square with millions of onlookers."[33]

On 24 August 2015, Toronto police announced that two unconfirmed suicides had been linked to the data breach, in addition to "reports of hate crimes connected to the hack."[34][35] Unconfirmed reports say a man in the U.S. died by suicide.[22] At least one suicide, which was previously linked to Ashley Madison, has since been reported as being due to "stress entirely related to issues at work that had no connection to the data leak".[36]

On 24 August 2015, a pastor and professor at the New Orleans Baptist Theological Seminary killed himself citing the leak that had occurred six days before.[37]

Users whose details were leaked are filing a $567 million class-action lawsuit against Avid Dating Life and Avid Media, the owners of Ashley Madison,

through Canadian law firms Charney Lawyers and Sutts, Strosberg LLP.[38] In July 2017, the owner of Ruby Corp. announced the company would settle the lawsuit for $11.2 million.[39]

Data analysis

Annalee Newitz, editor-in-chief of Gizmodo, analyzed the leaked data.[40] She initially found that only roughly 12,000 of the 5.5 million registered female accounts were used on a regular basis, equal to 3 in every 1000, or less than 1%.[46][41] The remaining were used only one time, the day they were registered. She also found that a very high number of the women's accounts were created from the same IP address suggesting there were many fake accounts. She found women checked email messages very infrequently: for every 1 time a woman checked her email, 13,585 men checked theirs. Only 9,700 of the 5 million female account had ever replied to a message, compared to the 5.9 million men who would do the same. She concluded that, "The women's accounts show so little activity that they might as well not be there".[42] In a subsequent article the following week Newitz acknowledged that she had "misunderstood the evidence" in her previous article, and that her conclusion that there were few females active on the site had actually been based on data recording "bot" activities in contacting members. She notes that "we have absolutely no data recording human activity at all in the Ashley Madison database dump from Impact Team. All we can see is when fake humans contacted real ones."[43]

Passwords on the live site were hashed using the bcrypt algorithm.[44][45] A security analyst using the Hashcat password recovery tool with a dictionary based on the RockYou passwords found that among the 4,000 passwords that were the easiest to crack, "123456" and "password" were the most commonly used passwords on the live website. An analysis of old passwords used on an archived version showed that "123456" and "password" were the most common.[46] Due to a design error where passwords were hashed with both bcrypt and MD5, 11 million passwords were eventually cracked.[47]

Claire Brownell suggested that the Turing test could be possibly passed by the women-imitating chatbots that fooled millions of men into buying special accounts.[48]

See also

  • Internet vigilantism
  • Online shaming

References

1. ^{{cite web | url=http://www.businessinsider.com/cheating-affair-website-ashley-madison-hacked-user-data-leaked-2015-7 | title=Extramarital affair website Ashley Madison has been hacked and attackers are threatening to leak data online | work=Business Insider | date=20 July 2015 | accessdate=21 July 2015 | last=Thomsen|first=Simon}}
2. ^{{cite web|url=http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ |title=Online Cheating Site AshleyMadison Hacked |publisher=krebsonsecurity.com |date=15 July 2015 |accessdate=20 July 2015}}
3. ^{{cite web|url=https://twitter.com/ashleymadison|title=Ashley Madison|work=twitter.com|accessdate=20 August 2015}}
4. ^{{cite news|title=STATEMENT FROM AVID LIFE MEDIA, INC.|url=http://media.ashleymadison.com/statement-from-avid-life-media-inc-july-20-1225pm/|accessdate=22 July 2015|publisher=Ashley Madison|date=20 July 2015}}
5. ^{{cite web|url=https://www.theguardian.com/technology/2015/jul/21/ashley-madison-customer-service-meltdown-hack-fallout|title=Ashley Madison customer service in meltdown as site battles hack fallout|last=Hern|first=Alex|work=The Guardian}}
6. ^{{cite web|url=https://www.theguardian.com/technology/2015/aug/19/ashley-madisons-hacked-customer-files-posted-online-as-threatened-say-reports|title=Ashley Madison condemns attack as experts say hacked database is real|date=19 August 2015|work=The Guardian|accessdate=19 August 2015}}
7. ^{{cite web|url=https://www.theguardian.com/technology/2015/aug/20/ashley-madison-hack-your-questions-answered|title=Ashley Madison hack: your questions answered|last=Hern|first=Alex|work=the Guardian}}
8. ^{{cite web|url=https://www.fastcompany.com/3050127/elasticity/no-you-cant-hire-a-hacker-to-erase-you-from-the-ashley-madison-leak|title=No, You Can't Hire A Hacker To Erase You From The Ashley Madison Leak|work=Fast Company}}
9. ^{{cite web|url=https://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/|title=Hackers Finally Post Stolen Ashley Madison Data|date=18 August 2015|work=WIRED|accessdate=19 August 2015}}
10. ^{{cite web|title=Statement from Avid Life Media Inc. – August 18, 2015|url=http://media.ashleymadison.com/statement-from-avid-life-media-inc-august-18-2015/|accessdate=19 August 2015|publisher=Ashley Madison|date=18 August 2015}}
11. ^{{cite web|url=http://money.cnn.com/2015/08/20/technology/ashley-madison-hack-emails/index.html?sr=twmoney082015ashleymadceo4pVODtop|title=Hackers expose Ashley Madison CEO's emails|last=Pagliery|first=Jose|date=20 August 2015|work=CNNMoney}}
12. ^{{cite news |last1=Kravets |first1=David |title=Lawyers score big in settlement for Ashley Madison cheating site data breach |url=https://arstechnica.com/tech-policy/2017/07/sssshhh-claim-your-19-from-ashley-madison-class-action-settlement/ |accessdate=July 19, 2017 |work=Ars Technica |date=July 17, 2017 |language=en-us}}
13. ^{{cite press release |author=Ruby Life Inc. |title=Ruby Corp and Plaintiffs Reach Proposed Settlement of Class Action Lawsuit Regarding Ashley Madison Data Breach |url=http://www.prnewswire.com/news-releases/ruby-corp-and-plaintiffs-reach-proposed-settlement-of-class-action-lawsuit-regarding-ashley-madison-data-breach-634551783.html |accessdate=July 19, 2017 |work=PR Newswire |date=July 14, 2017 |language=en}}
14. ^{{cite web|url=https://firstlook.org/theintercept/2015/07/21/ashley-madison-breach-why-am-i-getting-their-emails/|title=Some Dude Created an Ashley Madison Account Linked to My Gmail, and All I Got Was This Lousy Extortion Screen|work=The Intercept|accessdate=24 August 2015}}
15. ^{{cite web|url=http://www.france24.com/en/20150820-global-fall-out-ashley-madison-hack|title=Americas - The global fallout of the Ashley Madison hack|work=France 24|accessdate=24 August 2015}}
16. ^{{cite web|url=https://www.washingtonpost.com/news/checkpoint/wp/2015/08/19/thousands-of-mil-addresses-potentially-leaked-in-ashley-madison-hack/|title=Thousands of .mil addresses potentially leaked in Ashley Madison hack|last= Gibbons-Neff|first=Thomas|date=19 August 2015|work=Washington Post}}
17. ^{{cite web|url=http://www.military.com/daily-news/2015/08/19/report-hack-adultery-site-ashleymadison-exposed-military-emails.html|title=Report: Hack of Adultery Site Ashley Madison Exposed Military Emails|work=Military.com}}
18. ^{{cite web|url=http://www.politico.com/story/2015/08/pentagon-investigates-troops-ashley-madison-website-cheating-121571.html|title=Pentagon investigating whether troops used cheating website|last=Ewing|first=Philip|date=20 August 2015|work=POLITICO}}
19. ^{{cite web|url=http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-users/|title=Extortionists Target Ashley Madison Users|date=21 August 2015|last=Krebs|first=Brian|author-link=Brian Krebs|work=Krebs on security}}
20. ^{{cite web|url=http://thehill.com/policy/cybersecurity/251682-extortion-begins-for-ashley-madison-hack-victims|title=Extortion begins for Ashley Madison hack victims|work=TheHill|accessdate=24 August 2015}}
21. ^{{cite web|url=http://fox2now.com/2015/08/21/ashley-madison-users-now-facing-extortion/|title=Ashley Madison users now facing extortion|work=FOX2now.com|accessdate=24 August 2015}}
22. ^{{cite web|url=https://www.theregister.co.uk/2015/08/23/ashley_madison_spam_starts_as_leak_linked_to_first_suicide/|title=Ashley Madison spam starts, as leak linked to first suicide|work=theregister.co.uk}}
23. ^{{cite web|url=https://www.theregister.co.uk/2015/08/20/the_ashley_madison_files_are_people_really_this_stupid/|title=The Ashley Madison files – are people really this stupid?|work=theregister.co.uk}}
24. ^{{cite web|url=http://www.theawl.com/2015/08/notes-on-the-ashley-madison-hack|title=Early Notes on the Ashley Madison Hack|work=The Awl|accessdate=20 August 2015}}
25. ^{{cite web|url=http://onlinejournalismblog.com/2015/07/20/ashley-madison-ethics-journalism-hacked-documents/|title=In the wake of Ashley Madison, towards a journalism ethics of using hacked documents|work=Online Journalism Blog|accessdate=20 August 2015}}
26. ^{{cite web|url=http://fortune.com/2015/08/19/ashley-madison-media/|title=Ashley Madison hack: The ethics of naming users - Fortune|work=Fortune|accessdate=20 August 2015}}
27. ^{{cite web|url=http://www.onthemedia.org/story/jon-ronson-and-public-shaming/|title=Jon Ronson And Public Shaming|work=onthemedia}}
28. ^{{cite web|url=https://www.telegraph.co.uk/women/womens-life/11814054/Ashley-Madison-hack-The-depressing-rise-of-the-moral-hacker.html|title=Ashley Madison hack: The depressing rise of the 'moral' hacker|date=20 August 2015|work=Telegraph.co.uk}}
29. ^{{cite web|url=http://www.newstatesman.com/2015/07/who-can-enjoy-sleazy-tale-peer-bra-when-our-own-privacy-has-never-been-easier-invade|title=As our own privacy becomes easier to invade, are we losing our taste for celebrity sleaze?|work=newstatesman.com}}
30. ^{{cite web|url=http://www.huffingtonpost.com/entry/ashley-madison-hack-psychological-fallout_55d4afcee4b07addcb44f5d4|title=Ashley Madison Hack Could Have A Devastating Psychological Fallout|last=Gregoire|first=Carolyn|date=20 August 2015|work=The Huffington Post}}
31. ^{{cite web|url=https://grahamcluley.com/2015/07/ashley-madison-attack-thoughts-aftermath/|title=The Ashley Madison hack - further thoughts on its aftermath|work=Graham Cluley}}
32. ^{{cite web|url=http://www.smh.com.au/digital-life/consumer-security/hacking-victims-deserve-empathy-not-ridicule-20150906-gjg6ko.html|title=Hacking victims deserve empathy, not ridicule|author=Farhad Manjoo|date=6 September 2015|work=Sydney Morning Herald}}
33. ^{{cite web|url=https://www.yahoo.com/style/i-was-hacked-on-ashley-madison-but-its-you-who-124846903673.html|title=I Was Hacked On Ashley Madison — But It's You Who Should Be Ashamed|author=Charles J. Orlando|author-link=Charles J. Orlando|date=23 July 2015|website=Yahoo! Style|via=Your Tango|accessdate=8 October 2015}}
34. ^{{cite news|title=Ashley Madison hack: 2 unconfirmed suicides linked to breach, Toronto police say|url=http://www.cbc.ca/news/canada/toronto/ashley-madison-hack-2-unconfirmed-suicides-linked-to-breach-toronto-police-say-1.3201432|accessdate=24 August 2015|publisher=CBC|date=24 August 2015}}
35. ^{{cite web|url=https://grahamcluley.com/2015/08/suicide-ashley-madison/|title=Suicide and Ashley Madison|work=Graham Cluley}}
36. ^{{cite web|first=Jacob|last=Beltran|url=http://www.mysanantonio.com/news/local/article/Widow-addresses-suicide-of-SAPD-captain-linked-to-6465568.php|title=Widow addresses suicide of SAPD captain linked to Ashley Madison site|publisher=San Antonio Express News|date=25 August 2015|accessdate=27 August 2015}}
37. ^{{cite web|url=http://money.cnn.com/2015/09/08/technology/ashley-madison-suicide/index.html|title=Pastor outed on Ashley Madison commits suicide|author=Laurie Segall|date=8 September 2015|work=CNNMoney}}
38. ^{{cite web|url=https://www.bbc.co.uk/news/business-34032760|title=Ashley Madison faces huge class-action lawsuit|work=BBC News|accessdate=24 August 2015}}
39. ^{{cite web |url=https://www.cnbc.com/2017/07/15/ashley-madison-parent-in-11-point-2-million-settlement-over-data-breach.html |title=Ashley Madison parent in $11.2 million settlement over data breach |date=15 July 2017 |publisher=CNBC |accessdate=15 July 2017}}
40. ^{{cite web |url=https://gizmodo.com/the-fembots-of-ashley-madison-1726670394 |title=The Fembots of Ashley Madison |work=Gizmodo |last=Newitz|first=Annalee|date=27 August 2015 |accessdate=28 August 2015}}
41. ^{{cite news|url=https://www.independent.co.uk/life-style/gadgets-and-tech/news/ashley-madison-hack-just-three-in-every-10000-female-accounts-on-infidelity-website-are-real-10475310.html|title=Ashley Madison hack: Just three in every 10,000 female accounts on infidelity website are real|work=The Independent|last=Gallagher|first=Paul|date=27 August 2015}}
42. ^{{cite web |url=https://www.yahoo.com/tech/s/most-hilarious-revelation-ashley-madison-hack-yet-031557791.html |title=The most hilarious revelation about the Ashley Madison hack yet |work=Yahoo! Tech |last=Reed|first=Brad|date=27 August 2015 |accessdate=28 August 2015}}
43. ^{{cite web |url=https://gizmodo.com/ashley-madison-code-shows-more-women-and-more-bots-1727613924|title=Ashley Madison Code Shows More Women, and More Bots |work=Gizmodo |last=Newitz|first=Annalee|date=31 August 2015 |accessdate=19 December 2015}}
44. ^{{cite web|url=http://www.pxdojo.net/2015/08/what-i-learned-from-cracking-4000.html|title=Sophisticated Security|author=Dean Pierce|work=pxdojo.net}}
45. ^{{cite web|url=http://www.zdnet.com/article/these-are-the-worst-passwords-from-the-ashley-madison-hack/#ftag=YHFb1d24ec|title=This is the worst password from the Ashley Madison hack|author=Zack Whittaker|work=ZDNet}}
46. ^{{cite web|url=http://blog.includesecurity.com/2015/08/forensic-analysis-of-the-AshleyMadison-Hack.html|title=Include Security Blog - As the ROT13 turns....: A light-weight forensic analysis of the AshleyMadison Hack|author=Include Security|work=includesecurity.com|accessdate=20 August 2015}}
47. ^{{cite web|url=https://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/|title=Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked|work=Ars Technica|last=Goodin|first=Dan|date=10 September 2015|accessdate=10 September 2015}}
48. ^{{cite web|url=http://business.financialpost.com/fp-tech-desk/inside-ashley-madison-calls-from-crying-spouses-fake-profiles-and-the-hack-that-changed-everything?__lsa=b245-a155|title=Inside Ashley Madison: Calls from crying spouses, fake profiles and the hack that changed everything|author=Claire Brownell|date=11 September 2015|work=Financial Post}}
{{Hacking in the 2010s}}Ashley Madison#Piratage et fuite de données

6 : 2015 in Canada|Cyberattacks|Data breaches|Hacking in the 2010s|July 2015 events|Email hacking
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/9/21 14:28:39