STFU NEWS: The AshleyMadison Data Dump
 

*** Please Read This Carefully ***
This thread is different than others on GFY because GFY has asked me to Moderate this series of "STFU News" threads. The hope is that these threads will allow lurkers, frequent posters and some of the people who have been posting less to all engage in an intelligent discussion here on GFY about an interesting business relevant topic without being trolled. To accomplish that goal, GFY has asked me to be the moderator of STFU News threads, and that includes deleting or editing posts that are: off topic, trolling, or otherwise aimed at derailing the discussion. Please note, I will *only* be moderating the STFU News threads. I hope you will speak your mind in an intelligent, professional and constructive manner. If this proves to be a useful way of doing things, we will keep it going.
***************************

The first topic is: The Recent Ashley Madison Data Dump
Does the release of the information affect your business?
Does it change how you plan to handle your own site data?
Do you see any business opportunities as a result of the dump?
Will it be good or bad for the industry overall?
Anything else you think is worth mentioning?

For anyone who is unaware of the backstory:
Ashley Madison had a massive amount of member data hacked by a third party who attempted to extort the site owners into taking the entire site offline. They threatened to make the stolen data (including as many as 30M email addresses, credit card numbers, names, addresses and all the rest) public and eventually followed through with that threat. Now a 9GB file is being circulated on torrents with that data available to virtually anyone. Sites are popping up, asking people to enter their email address to see if their information is in the dump files, and many people are dealing with the awkward situation of possibly having to explain why they had an account on a site designed to assist people seeking to have affairs (including Josh Duggar).

I think this is a great idea! I am happy to be first onboard with these comments:

I think what happened with Ashley Madison will definitely affect my business (and all online businesses). First, there will be - surprise! - a bump in sales!

All those CC numbers, emails, etc will be used to join porn sites. That's the Good News. The Bad News (of course) is we will soon be entering Chargeback Hell. CC companies will tighten security measures, consumers will be more wary to give out their personal data, and identity thieves will laugh all the way to the bank.

A big giant GO FUCK YOURSELF to all involved with Ashley Madison (owners, members and hackers).

thoughts of conspiracy
 

It was not too long before the announce of the breach that a couple of adult forums had threads about Ashley Madison having the shady business practice of paying a data removal fee.

Maybe it is just me but right before the breach they were advertising like mad. I almost wonder if this little database leak is just a PR stunt. Maybe the door was just left unlocked.

Does the release of the information affect your business?

Not at the moment. I have been playing with the idea of starting a dating site and just using a white label service. But now I question if building a brand around data I don't control is worth it.

Does it change how you plan to handle your own site data?

Not really. I come from an information security background. I try and keep up with the latest trends of access and data encryption. Most hacks are honestly just the simplest issue or lazy admins.

Do you see any business opportunities as a result of the dump?
Account management services... A third-party that holds the keys to your data and or hookup sites maybe even social media sites. You send one e-mail or something is sent at the time of your death and under contract they pull it all for you.

Will it be good or bad for the industry overall?
Bad for dating and hookup... I think content sites will be fine.

This is a great idea! Great way to get some good conversation going. Keep it up!

We are PCI-DSS compliant and have taken measures to secure our customers' personal data.

We are not in a competitive marketplace with Ashley Madison however there has to be some overlap with customers confidence in general with disclosing any personal information. This ''hack'' is bad for confidence in adult websites -- that is the overall affect on all of us -- negative publicity IMHO.

We do not buy stolen data under any circumstances so profiting from this criminal activity is not a factor for us.

Do you feel the owners could have done something better or differently? Are you taking precautions to avoid a similar hack of your own network in the future?

Solid post Joe, but you lost me on this point. How would that work?

Do you think PCI-DSS compliance is all that would be needed to achieve true data security? Is it reasonable, as some have suggested, to expect a tightening of data security regulations beyond what was necessary before this hack happened?

How big of an effect this has remains to be seen, but no doubt it'll have added negative consequence to our space. When I speak to individuals about paying for porn, the usual factors (besides that porn is free) are viruses and credit card fraud. Fraud may be a loose term, but a tremendous amount of damage has been done.

I think it's raising people's awareness that their information is not safe anywhere. I think this helps big brands that can be trusted. Though Im sure they're not safer

Great idea btw, love the Business aspect of this, so this can bring more serious discussions on GFY

Seeing an impact today with Adult Friend Finder. My member distribution for today shows a large dip in North American members. Makes sense, as this is where the mainstream news sources have really picked up this story.

But then again, one day does not a trend make. Time will tell and fingers crossed as this happened at the most inopportune time...when the end of summer/fall sales traditionally kick it up a notch.

Interesting point... so do you believe the AshleyMadison hack should be viewed the same way the public views the recent hacks of Target, HomeDepot and others? My feeling is just because it's people trying to have affairs the public and the media will look at it very differently from people who got hacked buying pliers at HomeDepot... even though it's nearly an identical security breach. :2 cents:

A service that you let handle setting up all of your accounts. They setup dummy e-mails.. Hold the payment cards in another name.

So you gain more deniability if info is leaked... I'm not [email protected] and the card number is a card registered to another company

They can also offer these services for social media... And if they learn of your demise can kill all of your accounts before your wife and kids ever find out.

And then someone hacks them. There's always going to be a data trail somewhere.

What happens when that service gets hacked? I mean, take a look at LifeLock as the example of a company that swore they would protect user data at all costs... they just got hammed by the FTC for the 2nd time and lost 56% of their share price overnight for failing to take even rudimentary precautions. Also, the largest hack so far was a US agency losing millions of people's data, so a government managed repository is also likely to not be a bulletproof solution... right ?

To be honest, I think it'll only have an impact for as long as it remains in the media spotlight. When the next big story or world event comes along, consumer amnesia will kick in and most things will go back to status quo.

I'm sure the legal ripples will continue...but the average person probably won't hear about a lot of it - if it's not covered much by mainstream media. The audience is too fractured these days.

Sony had that huge security breach a while back...and what overall impact did that have?

I only use DatingFactory.com and I trust them and their security.. :2 cents:

So the Ashley Madison hack didn't made me change a thing.

PDI-DSS data protection technology has other uses than the storage of customer credit card data. The same tokenization technology can protect sensitive customer data. The data security tokens that face the public internet, possibly exploitable, are useless in a server intrusion (aka; ''a hack'').
I cannot go into further details of the process but there is public information (not site specific) on the Internet.

I am unaware of the specifics of the Ashley Madison hack but it is my understanding, to the best of my knowledge, that the hack did not involve usable customer credit card data but only truncated credit card data, e.g.; xxx-xxx-xxx-123, that is all that I have read. That being the case, I would expect no changes in PCI-DSS standards from this event.

Thanks Barry, I'll look deeper into tokens and Skype you if I get stuck...

I agree. I've done a lot of PCI work at different levels and PCI standards really care about the storage and access of credit card data and associated records. Unless the standard has changed in the last few years there's nothing here that would throw up a flag at credit card companies because the standards did what they were supposed to.

As to the rest of it... I wonder about those 37M email addresses out there and whether it will damage the value of mailing lists. My background with gay dating sites showed that there's a huge amount of crossover with most people having accounts on multiple platforms. Does the release of those emails impact other straight dating sites?

I don't believe any long term damage will be done as news cycles are so fast that it will be forgotten beyond the leak damaging some public figures. There's very little real dialogue regarding how it could personally effect people, it's a little too juicy and salacious pointing at those other perverts. The topic of the site, extramarital affairs, also puts this in the 'other' category for most people. Outside the industry I don't think that people see adult dating in the same place as porn, so it'll be interesting to see if there are shockwaves felt beyond AM.

Problem is, Adult Dating is a huge segment of the 'porn industry' so this could have an effect across the board.

If the number of people willing to join adult dating sites go down, then the cost of advertising could increase dramatically to maintain the same number of members as would have been realized before the hacking event occurred.

In turn, with a lower profit margin, fewer people will be willing to put out the dollars for ads. And there's no disputing that Adult Dating currently takes up the lion share of ad spots on tubes, members areas and so on. So this issue could potentially have a very disruptive ripple effect across the entire industry.

It's also reasonable to think many AM or other dating site members are also concurrent Paysite customers. Having cards voided and replaced, whether from the Target hack months ago or this new hack is likely to erode existing recurring billing accounts. In some cases, that may mean losing a customer that has been quietly recurring for years in a row and then having to try and earn them back.

I think it can only hurt the industry, but I have no idea how by how much. Somewhere out there is a guy who is reading about the Ashley Madison hack and is no paranoid that the fact that he joined a porn site that might be of a non-mainstream niche is going to come out. That is guy who is much less likely to buy again in the future.

1. First of, all there was no breach of credit card data.
   
2. Secondly, the security of customer supplied personal data is at question. This data is of value foremost to extortionists and divorce lawyers. It is of possible value to identity thieves but only in collaboration of other held data on that individual -- its usefulness in that respect seems rather limited.
   
3. The third issue is one of customer marketing data and that is purely a commercial interest and of little danger to the customer other than unwanted solicitation with the use of the customer's email address, skype name, etc. .

On an industry wide scale the likely consequence is a customers lack of trust in an adult website -- a common concern to all of us.

You just cannot compare the breaches at Target and Home Depot, et al. to this breach of sensitive personal information. The damage done by your purchase records at bricks and mortar retail stores is minimal -- no divorce lawyer or (other) extortionist would take notice.

Yup, I broke the news that those shady fucks at AM was charging members and even non paying free members a data removal fee. They didn't like it one bit but tough shit. :1orglaugh


https://gfy.com/fucking-around-and-pr...elitewebmaster

EliteWebmaster,

Do you think charging a data removal fee contributed to the hacker's motives, or do you think AshleyMadison would have been a target anyway without removal fees?

The Owners were probably in a lose-lose situation once the data got out and the media got ahold of all this. Security-wise I don't know if they could've done a better job or not (I'm not a security expert) and I don't know if there was a better "play" public relations-wise. So maybe the owners get a break from me here - except that their site's overall premise was bound to attract the less-than-respectable types. Ashley Madison was a target just being Ashley Madison.

As for my network, I try to have as much security in place as is "reasonable" (whatever that is). Any CC info is held by CCBill, Epoch, etc. But I view hacking/stealing of data as something akin to piracy. I can only do so much to prevent it.

That's a dangerous notion. I expect most adult sites attract 'less-than-respectable types' in the eyes of many people. In fact the 'less-than-respectable' consumer public have indirectly been very good to me over the years.

What I'm getting at is, with regard to the data hack specifically, I'm not sure how much blame AM deserves. I'd agree the fees to be removed were a very aggressive business model, that I personally wouldn't have chosen, but there seems to be a big leap from that to blaming them for being hacked.

Dump 2.0 just got released. It includes more user data and executive email information according to reputable sources:
Ashley Madison leak 2.0: new dump is twice as large, and includes CEO's emails - Boing Boing

They had their run and now it's tarnished. will take quite sometime if any to recover.lawsuits will eventually wipe em out

I honestly think the way AshleyMadison conducted it's business contributed to the hacker's motives. To say AM is shady is an accurate description. The data removal fee which is ridiculous in itself because they essentially held people's private info for ransom, probably drew the ire of the hacker group more when the hackers discovered all those data that was supposedly should have been deleted was still on the AM servers. What motives did AM have to keep storing data that people already paid $19.95 to have AM remove them. It should have been a simple delete and it would have saved AM tons of database/hard drive space to removed the said data. Yet they kept them for reasons unknown while collecting $19.95 from the member. It's just one of the things that is mind boggling and shady for them to do. It definitely didn't help their cause because once the hackers saw this, along with whatever else they were already peeved off at AM about, the "deleted data" still being stored by AM made the hackers even more determined to release the info to put AM in a more shady light in having to explain why they still had the data on their servers. And to this day, AM has not addressed why that data is still on their server.

does it show what guys were pretending to be girls ? :Graucho

great thread

I think this is a great idea!

anyone see this?

Ashley Madison Is Sending Out Bogus DMCA Takedown Notices

I saw that and it makes no sense. They were against AM allegedly screwing people with this $19.95 thing. So they release everyones info. I think it was just the excuse they used. I had also read their database was like a kid in school wrote it. I think they cared less about being bullet proof like most companies until after the fact. Now chances are they are done. So was going for the cheapest programming worth in the end?

I agree with Tony. What the hackers did was release everyone's data, which makes no sense if they were doing it due to concerns about people's data. Had they deleted data, or only released executive emails then that claim would make more sense. The way this played out, it seems like a thin excuse for what they did. Keep in mind, I'm not condoning the data removal fees, I'm just not convinced they were the real reason for the hack.

Public perception of online dating has been going sour for the last several years, possibly with the exception of the more known sites that take their advertising to prime time television (think eHarmony).

Fake profiles and imprisonment of offenders making headline news have contributed to this lack of trust and the Ashley Madison events have made things considerably worse. The online dating industry is going to have to roll with this and clean up their image.

Chris, how would you suggest they start to do that? Cleaning up the image of online dating seems like a great goal, but I'm not sure television ads would be the answer. Any concrete ideas on steps dating sites could take to clean up their image, or differentiate themselves from this Ashley Madison mess?

I think the whole "adult dating" or "porn dating" style of site needs an overhaul. A more respectable and serious image needs to emerge. Does anyone still believe that there are X amount 18 to 20 year old hotties standing by and waiting to hear from you in the area of your IP? The sites need to adapt a more serious approach.

Great find Richard! If true it seems people are angry that AM data has been compromised, but are also angry at the steps AM has tried to take in response to curtail the spread of that data. I agree it's a big stretch of what DMCA is intended to be used for, but if people agree this is private data that shouldn't be public, is their overreaching use of DMCA as a way to get it removed from some sites actually a bad thing?

You just ruined the morning of several GFY readers... ;)

On a more serious note, I know people who have found dates through sites like alt.com, POF, and AshleyMadison. Those same people tried those sites because eharmony and okcupid had failed them. I also know gay sites like adam4adam are wildly successful at generating real dates with 'local hotties' if you are interested in finding a man. So, I'd agree some of the claims made are overstated, but I wouldn't say these sites are all completely ineffective. I'd also suggest their inability to protect user data is a different (and bigger problem) than the fact that many seem to overstate their success rate for new users.

I never said they were ineffective. I'm sure they are quite effective, but the fallout here won't make them more so. The advertising material and site tours will have to illustrate how the user can trust them with their personal info.

Why would AM have stored credit card numbers? Absolutely no reason to do so.

And ^^ the only site maybe gets hookups is adamforadam because it is gay men. Finding a gay man willing to meet is like finding a cheeseburger at mcds.

I agree gay adult dating is more likely to yield results, but isn't it also more likely to service clients who are particularly concerned about the possibility of data insecurity? Meaning, isn't some married dad on the down low now much less likely to enter their info on a gay dating site because of the AM breach news than a straight single guy looking to get laid with no worry whether somebody finds out he has a dating profile on a hookup site?

to answer your question, seems more like an ill-advised PR move than anything else.

I thought there was some serious legal ramifications for issuing DMCA notices that are not valid?

I'd expect they would argue this is proprietary data and they'd lose, but I doubt they would get slapped for doing it. Would love to hear from one of the attorneys on GFY in that regard...

Haha! Now that was a good one. :D

One of the questionable things about this is if AM has a copyright filed with the US copyright office for the database. Curioser and curioser....

If a giant as Ashley Madison isn't safe ... what's left for the little guys??

Sure was :thumbsup