Ashley Madison hack: Industry reaction and analysis

Yesterday it emerged that anonymous dating site Ashley Madison - where married individuals go to seek out affairs - was the subject of a huge hack attack by hacking group "The Impact Team".

The group reportedly stole personal information from 37 million users, including names, addresses and credit card details.

Various industry professionals have offered their analysis of this latest high-profile data breach, all of which can be found below.

Marta Janus, security researcher, Kaspersky Lab:

"The news that Ashley Madison has been hacked highlights the need for all companies to enact security measures to prevent cyberattacks and therefore protect their customers' personal data. Users that are entrusting private information into the care of a website should be safe in the knowledge it is kept in a secure manner and all companies who handle private data have a duty to ensure it.

"Any security breach resulting in a leakage of private data is equally bad – no matter if the website is considered “unethical” or even illegal - as the affected users might not necessarily be guilty of any illegal/unethical activity. In the case of the Ashley Madison hack, the leaked data contains information like real names, addresses and credit card details, which makes it quite a serious issue, as once it's public, cybercriminals could use it to steal money.

"There are a number of reasons why a company could become the victim of this kind of attack, such as financial, political or, as appears to be the case here, ethical. What is important is that companies understand that anyone can be targeted by cybercriminals, and whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures to be taken in order to provide thorough protection.

"These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. The best way to combat these types of cyberattacks is at the beginning, by having an effective cybersecurity strategy in place before the company becomes a target."

Tod Beardsley, security engineering manager, Rapid7:

"Ashley Madison is simultaneously one of the most popular dating websites on the Internet, and the one its users are least likely to openly admit to using, for obvious reasons. The news of this latest breach underscores the need for popular site maintainers – regardless of content – to take seriously the storage and transmission of personal user information.

"Any popular, paid online service represents a tempting target for criminals for the usual collateral: the millions of credit cards and associated personally identifying information, as well as the email addresses and passwords that are often reused elsewhere.

"On top of this, dating sites also host millions of intensely private scraps of user data. Users of these services may routinely share risqué photos, checklists of sexual preferences, and patterns of romantic activity that they consider deeply personal. Because of this, any breach involving a dating site comes with a built-in “ickiness” factor. Dating site users are likely to feel more violated after a breach than those caught up in a retail or government website breach, and they are less likely to reach out for help and advice on how to manage their identity information after a breach. For Ashley Madison users in particular, this tendency to suffer silently is all but guaranteed.

"As uncomfortable as it might be, Ashley Madison users are encouraged to examine their password-reuse habits, consider more robust password generation and storage practices, and treat with suspicion any communication that appears to come from the compromised service."

Dr. Chenxi Wang, VP of cloud security and strategy, CipherCloud:

"This hack may just kill Ashley Madison. The hackers are demanding that the company shut down or face public release of the very personal details of all of its 37 million customers. This puts AM between a rock and a hard place if it continues to operate. It’s unthinkable for any business, especially one that runs on discretion and trust, to betray its customers’ confidentiality.

"Trust is essential for e-commerce to work. But already, we’re seeing multiple areas where the company’s credibility for trust has been broken. It claims to “invest in the latest privacy and security technologies” yet the breach uncovered extensive information – names, credit card numbers, nude photos, etc. And a breakdown in the company’s own technology is evident. For example, the profile delete service – which Ashley Madison charged $19 for – failed to work.

"The deeply personal nature of this hack hits home. As extramarital affairs come to light, the number of victims will multiply to include affected families. The longer the company continues to operate, the more the damage done."