This week, hackers launched an attack on Ashley Madison — an online dating service geared towards individuals looking for extramarital affairs — and released a massive amount of stolen personal information taken from the website’s servers.
The nature of the data dump makes this an interesting story, and several high-profile Ashley Madison clients (notably Josh Duggar) have already faced public repercussions for their infidelities.
IT news website Krebs on Security reports that many users have received emails with blackmail threats. Here’s an example of a typical Ashley Madison blackmail email:
Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.
If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:
Sending the wrong amount means I won’t know it’s you who paid.
You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..
Given the nature of the leaked data, more targeted extortion attempts will inevitably occur, and tracking the blackmailers could prove difficult — bitcoin is essentially untraceable. Ashley Madison users who receive blackmail threats should report them to the authorities immediately.
The situation highlights the importance of appropriate online security practices. Ars Technica reports that many of the stolen accounts should have been deleted months ago, and Ashley Madison hasn’t released much information regarding the extent of the breach.
Keeping Your Dating Profiles (and Other Data) Safe Online
So, how can you keep your personal information safe when operating online?
“Unfortunately, if you share sensitive information on the Internet, you’re at the mercy of the other party, and this isn’t the first high-profile database breach,” said Ben Carmitchel at Datarecovery.com. “Your best bet is to think carefully about what you’re sharing with websites, especially if you’re inputting your name, address, or payment information.”
Datarecovery.com recommends the following measures to protect sensitive data:
- Use Different Passwords for Every Website – Browser extensions like LastPass (lastpass.com) let you automatically generate complex passwords for every site. You only need to remember a single master password, and AES 256-bit encryption protects your passwords from prying eyes.
- Use Multi-Factor Authentication – Many websites offer multi-factor authentication, which prevents hackers from accessing your account with your password alone; a second login gives you additional security, and linking your account to your mobile device or a secondary email account can give you peace of mind.
- Consider Using a Different Email Address – If you’re signing up for a website that you don’t want other people to know about, use a different email address from your primary address. You can easily have the new email account reroute to your everyday email, and the added layer of security can be invaluable in a breach.
- Use Encryption and Secure Deletion for Local Files – Use an appropriately advanced encryption tool to protect sensitive files on your computer — pictures, financial documents, and anything else that deserves the extra protection. If you need to get rid of a sensitive file, use a free tool like Eraser to overwrite the file multiple times.
“Most criminals aren’t going to spend a lot of time trying to figure out who you are,” said Carmitchel. “Try to make the process slightly more difficult for them, and there’s a good chance that you’ll stay safe.”
Datarecovery.com’s forensics division is currently working with several of the owners of compromised accounts in order to determine whether the stolen information constitutes a serious risk. We also offer a secure data destruction service, which is an excellent option for businesses that need to wipe a large number of devices quickly.