When Ashley Madison users logged into the dating website, they were confident that their information was secure. Much to their chagrin, their particulars were leaked to the public thanks to lax security safeguards used by Ashley Madison.
AshleyMadison.com came under the umbrella of Avid Life Media Inc. (ALM), which went through a data breach in 2015 in which information of about 36 million account holders at the dating site was leaked.
The leak caused an uproar around the world and destroyed the lives of many people, given that the dating site encouraged infidelity: it was a platform for married people to look for a partner to cheat with.
How Security Was Easy to Breach
An investigation was done to determine how the security breach could occur and the findings were mind-boggling, especially considering the kind of site it was.
Some of the findings were that the security framework at ALM did not have the following components:
- It lacked a record of information on its security policies or practices, which would have created an environment where security was an important factor by ensuring that training, resourcing, and management were treated as imperative to the security of its users.
- ALM lacked a backup management process that would look at possible threats to the site and assess whether the security measures taken by ALM were strong enough to resist an attack.
- The staff at ALM did not have the required training to enforce the process of making sure that the privacy and security of Ashley Madison were not breached.
All in all, ALM took a lackluster approach to protecting the privacy and the personal information of the millions of users of AshleyMadison.com.
The lack of an active risk management process that would safeguard the personal information of the many users of a site was the downfall of AshleyMadison.com.
The lack of proper training, policies, documentation, oversight, and authority to make decisions caused this whole thing to unravel. In general, all businesses should be able to protect themselves fully so that something like this does not happen; ALM basically took a back seat on security and privacy.
Although they did have some security measures, those measures were not adequate for an onslaught of this magnitude. The people who set them up and approved them did not pay attention to the kinds of risks they could come across. This put them in a lull, and they could not anticipate a breach that basically killed the business, a risk that a business of this magnitude could not afford to take.
The lack of a strong security framework was not the only reason the security and privacy of ALM were breached. Its laughable single-factor authentication and poor key and password management practices led to its fall.
Lawsuits from the Users
ALM's very lax security measures and its very inactive approach to protecting the users who were logged into AshleyMadison.com will cause it to lose a lot of money. On top of that, ALM will also have to deal with lawsuits from the millions of users whose information and profiles were laid out on the table for the world to see.
All the users had their reputations tarnished (go figure), and ALM will have to pay up if it is not able to sufficiently prove that no harm was done, which will be very hard, considering.
There will also be lawsuits from the people who had paid Ashley Madison to have their names removed from the website, but it turned out that the company's "full delete" feature is just that, a feature. Those people's credit card information was still in the system, exposing them as well.
Lawsuits for false claims could be filed, and ALM might get slapped with a deceptive trade charge.
Complications Facing ALM
The above lawsuits are most likely to be filed in the United States of America. But because the site was used worldwide, many lawsuits will be coming from different countries around the world. Different laws will have to be considered, some of which are more stringent than others.
Handling a case of this magnitude, which will move across the globe because a lot of the users came from outside the United States, might have quite an effect on the legal fees.
Holding on to the information of the tens of thousands of people who had paid to have their user profiles and personal information scrubbed from the system should not have happened at all.
It is things like that that will get a company sued but ALM and especially Ashley Madison did not pay much attention to that factor. They did not undertake very good data protection measures that would have saved them a lot of trouble and money.
All in all, this is a lesson to all businesses out there. As we watched Ashley Madison go down because of bad security measures and very bad data policies, many wondered whether there will be another Ashley Madison and whether the new one would be able to withstand the kind of storm Ashley Madison and its umbrella company are going through.
However the case goes, it is quite definite that this hack and security breach has rattled the web, and it will take a while before the same kind of site is up again. If a newer Ashley Madison-type website does come up, it will have to have a strong security lock and unbreakable data policies. It will also have to have a very good team of staff that is well versed in securing a site of that magnitude from such attacks.