preview

A Summary Of Ashley Madison's Breach

Decent Essays

Ashley Madison website (www.ashleymadison.com) was hacked on July 15, 2015 purportedly by a group called The Impact Team. This website was a commercial one for married people seeking extra marital affairs. Over 60 gigabyte of data was stolen and compromised from this attack. The compromised data includes critical business data of the parent company Avid Life Media as well as that of the also sister companies (Established Men) and customers’ personal data such as phone numbers, billing address, partial credit card information, names, email accounts, passwords and sexual orientations. This breach affected over 37 million customers spanned around 46 countries. The management of Avid Life media was informed about the hack of their IT infrastructure …show more content…

If the company had enforced OPSEC (Operation security) for account creation on the website, the effect of the breach wouldn’t have been that severe. OPSEC is a method of protecting pieces of data that could be gathered together to make a bigger picture.
Also, it was noticed that weak password was one of the holes that contributed to the vulnerability of the Avid Life Media IT infrastructure. Dean Pierce, a security expert, researched into the situation after the stolen data was dumped online. Dean cracked 4000 passwords in a space of five days. Most of the passwords cracked was in the form of “123456” and “password”. This indicated to me that the website password algorithm was not designed to enforce strong and complex password, which is deemed necessary for the secrecy and privacy involved with the website theme and objective. This is a strong loopholes regarding the company system. Though the passwords were hashed using bcrypt cryptography which consider highly secure but it would have been stronger if complex password policy was enforced by the …show more content…

This obviously opened the flood gate for hackers to come in to the system and hacked. Meaning that if email messages are intercepted by an intruder, then the content of the message will be widely open to the intruder. This was a very strong vulnerability seen in the Ashley Madison system that contributed to the attack.

Assets Affected
The major assets affected in the Ashley Madison breach are the customers. The customers are the critical assets to the operation of the business that must be jealously guided. The credibility, integrity, reputation, trust, and the business continuity could as well be classified as assets to the company, which were all affected as a result of the breach.

Countermeasures
Countermeasures could not be applied on time, though the Avid Life Media management was hinted about the breach and were advised to shut down the affected websites, but they turned a deaf hear to it. They released a memo to the public to intimate their customers and to assure them the situation is under control but unfortunately the attack could not be

Get Access