Why Ashley Madison Wasn’t Anonymous Before the Breach

This is a guest post written by Cassie Phillips, A Writer and Technology Enthusiast.

Out of the many big name cyberattacks that have happened this year, none have gotten more press than the Ashley Madison hack (and subsequent information dump). The hack caused a huge stir, ruined marriages, and caused many people to question the security of all of their online accounts. What if a bank were to have a breach of this level? People have dozens of accounts with various services, and it is concerning that security isn’t always a priority.

That all being said, confidentiality was a huge part of Ashley Madison’s marketing campaign. One would think that devices and protocols would be in place so that no one would be able to trace your account. This was an impossible promise given Ashley Madison’s business model, and the company surely knew it.

Why Ashley Madison Wasn’t Anonymous Before the Breach

Here are a few reasons why Ashley Madison was never truly anonymous:

Hackers Could Pick Up Information on Public Networks
Public networks are a major risk to anyone using them. Hackers absolutely adore using them due to the fact that most of them are unprotected and an easy setup allows them to just sit in a café and monitor all the data being transferred over a network. This means that a hacker could have simply taken the account info from an Ashley Madison user browsing on a public network and learned their identity. The same goes for any account; hackers don’t discriminate.

The only way that someone can protect themselves from such a threat (other than not use the Internet in public) is to use a Virtual Private Network (VPN), which is a service that allows people to connect to an offsite secure server using an encrypted connection. The encryption blocks any tools or programs a hacker might use and ensures anonymity on your end of a network (no guarantees on the Ashley Madison side of things, as we’ve learned). If you want to protect your own accounts, you will want to find the best VPN you can.

People Could Find Whether an Email Was Used Beforehand
While the current compendium of every single Ashley Madison user is useful to the last today, anyone previously curious could have learned quite a bit by trying to create an account. It stands to reason that an account might need to have a password reset. Ashley Madison avoided the obvious blunder of confirming that an email account is used on the site, but this article explains another issue. In short, if a person enters a valid email, they get a different screen than an invalid email.

On top of this, a person could always just create a fake account to lure someone out into the open. The vast majority of female accounts on Ashley Madison were fake, and this didn’t stop men from signing up anyway. Chances are, after a while, they’d be desperate enough to fall for a trap. There is nearly always a way to find out an account’s holder online, whether through social manipulation or hard technology. Ashley Madison users learned that the hard way, but you don’t have to with your accounts.

Employees Could Still See User Information
The way that Ashley Madison was operated meant that people’s user information was available to any number of employees working for the website. It would be unprofessional of the employees to disclose the information, but the professionalism of people who work as a website based on deception isn’t something you want to rely on.

The vast majority of security breaches are caused by human error, whether intentionally or unintentionally. You have no control over the employees of other companies that you hold accounts with. Any one of those employees, should they have access, could cause a leak of your data. As long as the data was available to them, Ashley Madison users were never safe.

Your Computer Isn’t Necessarily Safe
Remember that there are two ends from where an account can leak, and Ashley Madison users were probably aware of this. There were probably cookies on a user’s computer containing some Ashley Madison data. On top of this, browser histories and temporary files can tell someone else that a person was using Ashley Madison. A person would have to lock down their computer from outside access to truly have a secure account on their end.

An Ashley Madison user would also have to be suspicious of keylogger and spying programs installed by a (rightfully) suspicious spouse. They would be able to take the login details easily, and the data would be at the snoop’s disposal. No matter what a company does to secure user information, there is an equal responsibility on the part of the account holder to keep it safe. Strong security measures and careful monitoring of your data are a must.

No matter what you do, there is no guarantee of privacy on the internet. There is a way around any defense, and no guarantee can be taken at face value. Are you going to take any steps to make yourself more secure online or improve the privacy of your online life? Do you think that there are any other ways people could’ve found out about someone’s Ashley Madison account? Leave a comment below if you have any thoughts on the matter.

About Author
Cassie Phillips is a writer and technology enthusiast who enjoys sharing her knowledge with others. If you could use some extra tips on online security, she recommends that you check out securethoughts.com, as it is the one of the best resources for learning how to protect yourself online.

Guest Author

Guest Author

Follow @

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x