Following the Ashley Madison data breach story, new reports have shown that some users including members of the Ministry of Defence have used their work email address to sign-up to the website. CensorNet and Tripwire commented on the it also seems reminiscent of the Sony breach which also appeared to have personal attack overtones.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of IT Security and Risk Strategy at Tripwire :
“The release of this information in such a public way precludes any blackmail motivation. You can’t blackmail someone if the data is already public. The tough questions are likely to come after the data has been digested an analyzed. Revelations, recriminations and excuses around individuals will no doubt surface. While the target of the attack and breach may be Ashley Madison, there’s significant collateral damage with the release of so much personal information. The collection of so much data isn’t a simple task. This attack was targeted and persistent.[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Security Analyst at Tripwire :
“The Ashley Madison breach and resulting data dumps appear to a personal attack, with a goal of retribution. The attackers appear to want to expose and shame the company, ostensibly to push the company toward shutting down two of their most profitable properties. One of their primary goals of this attacks seems to be to embarrass and shame the company’s executives. Unfortunately, The exposure of the users of the site is just collateral damage. Today’t additional release of data, particularly the CEO’s emails, reveals just how deep the breach was and how much of Ashley Madison’s infrastructure was compromised. It also seems reminiscent of the Sony breach which also appeared to have personal attack overtones.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Ed Macnair, CEO at CensorNet :
It is worrying to hear that some of the 36 million people involved in the Ashley Madison data breach, had signed up to the dating website using their work email addresses. It is easy to understand why an individual would choose to use their work address – to avoid the risk of a partner on the prowl catching them out. However, what’s astonishing is that IT departments are allowing sites such as Ashley Madison through their web filters. With so many civil servants, including employees from the Ministry of Defence involved, it raises serious questions about government security.
Ashley Madison registrants need to take care with their details, especially when they are using their work email. The number of potential exit points for data loss has risen rapidly since the emergence of cloud-based sharing apps such as Dropbox and YouSendIt, and the ease in which sensitive information can be transferred via email and cloud-based social apps such as Facebook, Twitter and Skype.
It is paramount that the wider business community protect themselves and their networks with the new breed of infosecurity solutions that go beyond simply protecting those from breaching the perimeter to monitoring potential breaches travelling inside-out from within via email accounts and cloud-based apps. Only by gaining this greater visibility, analysis and control can business alike operate without the threat of their email domain being dragged into such a data leak.[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.