September 14, 2015 at 11:52What conclusions can be drawn from the scandalous hack Ashley Madison
Let's consider the main errors associated with the scandal surrounding the hacking of the Ashley Madison service. He will try to analyze the situation and draw conclusions.
/ photo pbkwee CC
The owner of Ashley Madison, Avid Life Media, was well-known not only for web development and applications, but also for provocative actions aimed at people looking for romantic relationships “on the side”. The theme of Ashley Madison itself was similar and brought good income to the company.
It was an IPO, but at the most inopportune moment, hackers from the Impact Team made an organized attack on the service and the company itself. The result of the hack is the leak of personal data of users and an even more outrageous scandal based on the fact that the service continued to store the data of those who left.
If problems arise, you must not hide information from your customers.
In this story, the situation developed in the opposite way. The company decided to bet that the noise on the Web will settle down and announced a verification of the information published by journalists. At the same time, none of the users were notified about what actually happened. Perhaps the company simply could not fix anything, but even in this she could not immediately admit.
The issues of protecting user data cannot be ignored indefinitely.
Such services are a very attractive target for attackers. Analogs have been hacked many times, but all these stories have not helped Ashley Madison draw conclusions. Moreover, information security experts reported a number of problems with the security of this service, but even personal criticism did not receive a response from company representatives.
In this case, we are talking about a service whose core audience was represented by very wealthy people. The level of their expenses could be hundreds and thousands of dollars. Card data and other payment information of such an audience could not attract attention.
Speaking of attention, the emphasis on a scandalous image of a product should always be reinforced and balanced by efforts both to work on security and to work on reputation risks. In this case, there was a complete failure on both fronts.
Bots are good, but not always.
As an analysis of the information that became public as a result of the hack showed, a significant part of female profiles turned out to be bots, or were managed by moderators of the service. This fact finally “finished” the situation to the point of no return. It will be very difficult to "survive" such a large-scale scandal of the company.
PS A little about the work of our virtual infrastructure provider:
It was an IPO, but at the most inopportune moment, hackers from the Impact Team made an organized attack on the service and the company itself. The result of the hack is the leak of personal data of users and an even more outrageous scandal based on the fact that the service continued to store the data of those who left.
If problems arise, you must not hide information from your customers.
In this story, the situation developed in the opposite way. The company decided to bet that the noise on the Web will settle down and announced a verification of the information published by journalists. At the same time, none of the users were notified about what actually happened. Perhaps the company simply could not fix anything, but even in this she could not immediately admit.
The issues of protecting user data cannot be ignored indefinitely.
Such services are a very attractive target for attackers. Analogs have been hacked many times, but all these stories have not helped Ashley Madison draw conclusions. Moreover, information security experts reported a number of problems with the security of this service, but even personal criticism did not receive a response from company representatives.
In this case, we are talking about a service whose core audience was represented by very wealthy people. The level of their expenses could be hundreds and thousands of dollars. Card data and other payment information of such an audience could not attract attention.
Speaking of attention, the emphasis on a scandalous image of a product should always be reinforced and balanced by efforts both to work on security and to work on reputation risks. In this case, there was a complete failure on both fronts.
Bots are good, but not always.
As an analysis of the information that became public as a result of the hack showed, a significant part of female profiles turned out to be bots, or were managed by moderators of the service. This fact finally “finished” the situation to the point of no return. It will be very difficult to "survive" such a large-scale scandal of the company.
PS A little about the work of our virtual infrastructure provider: