The Verge reports on the hack of the controversial Ashley Madison website, known for promoting extramarital affairs, and how the site followed standard web security practices and failed to implement simple privacy and security design features, making such a breach "inevitable." The site's password-reset feature allowed other users to see who used the site, for one, and the site kept real names and addresses on file. Johns Hopkins Cryptographer Matthew Green makes the point that customer data is often a liability and not an asset. Ashley Madison's site also charged users $19 to delete their data, "a practice that now looks like extortion in the service of privacy." A column in The Washington Post states that the breach should be a "warning to all of us—cheaters or not," and CBC News reports a “massive class-action” could follow in Canada if hackers publish user information.
If you want to comment on this post, you need to login.