Ashley Madison hack sends shivers through hook-up, porn sites
Hackers released a cache of potentially embarrassing and damaging data
Toronta: Larry Flynt, a defender of free speech and sexual freedom if there ever was one, has this advice for anyone worried by the hack of infidelity site Ashley Madison: Muzzle yourself. "Don't do or say anything you wouldn't want to read about on the front page of the New York Times," said the founder of Hustler magazine and owner of businesses that sell sexually explicit videos online. It might be too late for many people who, lured by a supposed cloak of digital anonymity, have shared their innermost wishes, fetishes and fantasies on hook-up and porn sites. And those companies know that their digital troves of secrets are exactly what make them a target for emboldened hackers.
In exposing the Ashley Madison accounts of as many as 37 million users, hackers released a cache of potentially embarrassing and damaging data. The dump contained email addresses for U.S. government officials, UK civil servants, and workers at European and North American corporations, taking already deep-seated fears about Internet security and data protection to a new level. "This represents a scary precedent" because of the scope and depth of intrusion into people's private lives, said Ajay Sood, Canada general manager at cyber security company FireEye/Mandiant. "Ashley Madison wasn't the first, but it's the one."
The data dump made good on the hackers' threat last month to leak customers' nude photos, sexual fantasies, names and credit card information from the Canadian website with the slogan, "Life is short. Have an affair." The hackers, who have not been identified, appear to bear a grudge against the company and want to undermine it by exposing users to public scrutiny.
The prospect of attacks by non-financially driven hackers pursuing publicity, blackmail or moral judgments sends shivers through the online dating and sex industry. Reports that blackmailers armed with the data dump are contacting Ashley Madison members for extortion will reinforce concerns. For the online adult entertainment segment, which accounts for more than 10 percent of Internet traffic, the trend is particularly worrisome.
"I don't know anyone that's prepared for something like this," said Joanna Angel, a famous punk porn entrepreneur who owns and sells adult films on the website Burning Angel. The online sex industry has long been aware it is more vulnerable to a cyber attack than most companies because some people find it offensive. It also thrives on ensuring privacy. As a result, it has toughened up its defenses over the years, as global retailers and health insurers have fallen victims to hackers. The problem is, security experts say, there is very little else they can do to keep hackers out.
"There are always extra layers of security," said Diane Duke, chief executive officer of the Free Speech Coalition, the trade association for the adult entertainment industry. "However, you build a widget; someone breaks it." Angel, 34, who has starred in and directed hundreds of films, believes she has robust security on her website, but worries it may not be enough to ward off ever-more sophisticated hackers.
She hired outside experts to run her online security after hackers shut her site down for five days, costing her money and, temporarily, customers. Angel said the Ashley Madison affair and release of people's names might curb customers' willingness to disclose personal information, although she had not seen any evidence of this. "It could end up affecting a company like mine," she said. "It will make people more paranoid."
The Ashley Madison hack is the second high-profile attack on a no-strings attached solicitation site this year. In March, Adult FriendFinder was the victim of a massive data breach, with hackers publishing details of 4 million subscribers on the Web. Adult sites, among the first Internet companies to accept credit card payment, tend to have robust security to combat fraud. But their systems for securing non-financial client data are not as strong, cyber experts said.
One large cyber security provider has seen an uptick in business from companies that "trade in the secrets" of clients, an executive said. "It's hard for these types of companies to see what's going on and not want to take a closer look at their security," said the executive, who was not authorized to publicly discuss client enquiries. Many have already hired top-class security talent to keep tabs on their websites, said Mikko Hypponen, chief research officer at Finland-based cyber security company F-Secure.
And users are probably getting wiser about using work email addresses, posting risqué photos or divulging potentially embarrassing information on dating sites, he added. Flynt, who fought in the courts for freedom of speech, said anyone surprised at the invasion of people's privacy is naive.
"Privacy no longer exists," he said, "and it hasn't for some time."