Ashley Madison’s tagline is “Life is short. Have an affair.” It seems security falls a bit short at the company, however, as millions of customer records were blasted out for the entire world to see in a recent breach. Publicly, there are only theories as to who exactly breached the scandalous operation. It could have been an inside job. Other parties, such as the infamous hacking group Impact Team, are claiming victory over the red-lettered company. But what is apparent is the publicly-published list of 32 million user identities. Additionally, CEO Noel Biderman lost his job, and the company is tackling an insurmountable number of lawsuits.
It has been discovered that bots were communicating with users, and the user population consisted of only a small number of females. In a near-comedic fashion, the website still states it was a winner of a “Trusted Security Award” and offers complete discretion for its users. Their claim of “Over 42,705,000 anonymous members!” on the homepage is as outrageous as the service itself. The stolen list of users is so easily accessible that third parties have already created interactive websites with the names and addresses of the exposed cheaters. Per Ashley Madison’s media page, they “immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.” If Ashley Madison had been more proactive in their methods of endpoint security, they could have potentially been notified of the breach and stopped it before data could have been stolen.
Advanced endpoint security and forensic applications — such as those offered by Ziften — could have potentially saved this company from the embarrassment it has become. Not only could Ziften have alerted security leads of the suspicious network activity in the middle of the night of an attack, but it could have prevented a variety of actions on the database from being performed, all while letting their security team sleep a little easier. Life is too short to let security issues keep you awake at night.