Slashdot Mirror
Ashley Madison Hack Claims First Victims
wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there.
Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.
This should create the head of steam required to get some legislation passed to make companies and specific executives SUFFER if they screw up their data security. Ultimately that means if an executive is advised that a system is insecure, fails to act and it gets hacked, the executive needs to personally liable, with a small taste of prison. It happening once is all that is required....
"I am about to be killed, tortured, or exiled," he wrote. "And I did nothing."
No, what you did was expose yourself using social media to an authoritarian, abusive government. Realize that or do not.
When you define any extramarital intimacy as "cheating", you've already cut off the debate paths that the victims from the summary illustrate. Not, mind you, that AM's marketing did much to discourage that definition.
But, hey, enjoy your puritanical two-minute hate, and don't worry about collateral damage.
(Posting as AC, even though I've never gone near the site, because I'm stuck with this country's puritanical environment and the consequences it imposes for even talking about ethical decisions that don't fit the standard mold. And, yeah, I guess I'm a bit of a coward.)
While I believe that there might be some people who had no "morally" dubious intents, I fail to see why anyone with a traditional moral compass would sign up for this website.
Even if you are not married and simply looking for a one nighter, you are still signing up to site where married people are looking for an affair. It is right on their main landing page: "Life is too short, Have an affair". While it sucks for them, I feel it difficult to feel pity for them when signing up to a website which main intend is to make is to make it easy for people to cheat.
The other people could have simply signed up for a different website where the main intent is not cheating. It seems there would be plenty, and none of them are getting hacked
" one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there."
At the end of the day these people signed up for a site whose primary market is marital infidelity. I feel a bit sorry for the woman referenced above, but I also have to wonder if the partners of the people she's "engaged with" on AM were as accepting as her husband was. I kind of doubt it.
There are a lot of other sites out there that don't specifically target cheating that she could have used instead. By choosing to have her hookups through that site she was pretty much guaranteeing that she was actively screwing around with someone else's relationship.
Rest assured that the new legislation will make hacking a crime worthy of being hung, drawn and quartered while at the same time not changing anything about how corporations have to secure data, or even (god forbid!) be punished for having sloppy security.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
People paid him to have their personal info deleted. He took their money but did not delete anything. Put him in prison for fraud.
As much as I'd like to drag all the cheap-ass executives who shortchange IT security and reliability with an eye on promotion and their own bonuses into the street and have them tarred and feathered, I can only imagine that such a regulation would have loopholes a mile wide.
What makes a system insecure? The system integration/networking? The software, especially third party software with its disclaimers about "no liability for implied merchantability and fitness for a particular purpose"?
Who judges a system as secure/insecure? If I get a third party to sign off on it, are the execs then immune? How long does a system retain its status as officially secure? Can you patch it with new patches, which theoretically could introduce their own flaws?
How about unknown zero-days? You could judge a system as secure and then a new zero-day appears in some critical security juncture that renders it insecure. Worse yet, what about unknown exploits used for which there are no patches?
To me it smells like Sarbanes-Oxley all over again.
And, of course, don't forget carving out huge exemptions for copyright holders aggressively being assholes^Wdilligent ... there will be one of those.
And one for law enforcement, because hacking is OK if you're law enforcement.
And to protect the children. You can do anything if you're protecting children.
And national security, even if it is unrelated to national security. You know, that way the Stingray devices are still OK.
By the time all of those exemptions get made, it will boil down to "it shall be illegal for any private citizen to exploit the security holes we have ensured are in place", and will be utterly meaningless.
But, nosirree, we can't risk impacting quarterly profits and executive bonuses by ensuring corporations have legal responsibility to safeguard data. That would be like Communism.
Lost at C:>. Found at C.
This is not puritanism. This is looking down on people who make commitments they don't keep. There exists a way for a married person to declare that they no longer intend to maintain fidelity, it's called divorce. There is also swinging for couples that mutually choose that. AM is instead dedicated to people who vowed fidelity and unilaterally choose not to honor that vow.
Yeah I could row in behind this. We need governments in particular but also corporations to enshrine peoples' right to privacy in hard legislation. The net is turning into a sick dystopian version of its original golden promise.
I have put some things online that could be embarrassing. Nothing really earthshattering, nothing I could lose a job over. Back when the "anonymous" nature of the web first started, I was always wary. Maybe not as smart as I should have been, but smart enough. Accounts, posts, passwords, etc. These things are all ephemeral and all can be compromised. I always understood that.
The real question here is why people continue to think of the internet, "the web", and the myriad of online services as secure. I'm not apologizing for what those who have compromised these accounts have done, but really, at this point everyone should know nothing that is done online is secure. There have been too many compromises.
Who has inspired this trust?
Why do millions continue to put faith in something that proves over and over again to be untrustworthy?
That is the real question.
We play the game with the bravery of being out of range
How stupid do you have to be to misunderstand the parent post so badly? Adequate data security stops all but the most skilled hackers. Laws are already in place to force corporations to act better than they otherwise would in other areas and there is a good case to be made that that should be the case with data security as well. When you're responsible for other people's personal details, you have to act responsibly and have proper data security. Just like airlines must follow safety regulations and are penalized if they don't, corporate executives should be held responsible if data security is neglected. The main question is how to formulate it into a law and the parent proposed a solution which I don't fully agree with but I do agree with the idea. We've seen it happen over and over and over again - corporations need to be held in a short leash through laws because their ultimate incentive is always shareholder wealth. A bad reputation is nothing that a good PR campaign won't fix cheaper than preventing the problem in the first place.
100% of the worlds pain and misery come from these people who find glee in forcing their beliefs on others.
Never had a broken heart? Probably never been loved either. Most "puritanical" views really aren't puritanical, they're common sense. If you love someone, you don't hurt them by cheating behind their back. AM is for cowards. Pure and simple.
I agree. If any, the guilty here is AMs poor security and data management. And its nothing new, people cheat, we are good at it . I think it's a little over the top to "make a new life because... Oh the shame".
"If anyone"? That's overboard. I agree that to a degree, AM is complicit due to their poor security and negligence with their clients data, yes, but still the truly guilty party here, quite simply, is the one who actually committed the crime and stole data they were not entitled to. I'm a fool if I leave my house or car unlocked at night; nevertheless, if someone breaks in and steals stuff, they have committed a crime, not me; I was naive, negligent, careless, but I didn't steal anything. Granted, I'd feel more culpable if I had several friends' gear in my house or car that got stolen, as that's less excuse to be so careless, and some responsibility must be shouldered in that case, but still, I am not directly responsible for the behavior of a thief, he is. The thief must still be found and held accountable. That is not debatable.
Look, if you cheat on your wife, that's NOT OUR BUSINESS.
You don't get the right to vilify and laugh and insult someone because they betrayed someone else.
Why do you think everyone has a right to cheat on their spouses, but nobody has the right to the free speech of criticizing that behavior?
Yes, blame the victim because they violated our society's moral code, rather than an actual law.
Worst of all, I have never seen a case where someone cheated on a virtuous spouse. Every single case of cheating I have ever heard of or seen among my friends was one shallow shmuck marrying a clear and obvious player and then getting upset that the player played.
My sister married her law professor - after he divorced his 2nd wife (yes, she slept with him before he was divorced). Surprise surprise, he cheated on her also. What happened to her is pretty much exactly like what happens most of the time.
Why do others not to get to blame the victim, but you do when you think they deserved it?
if the data hackers grabbed ak 47s and stormed the colocation facility and ripped out hard drives, then your analogy works. the company is innocent and the hackers deserve full condemnation
but obviously that's not an analogy to what we happened with ashley madison or other infamous corporate hacks
more like the bank president installed a keypad on the bank vault by a well known manufacturer whose name is written on the keypad and is known to have default passwords on their products. he never changed the default password. or he wrote the password on a post it note above the keypad
the hackers simply punched in the obvious password, walked in and walked out. the hackers aren't innocent, no one is suggesting that. but obviously the bank president is hardly innocent either. his negligence is disgusting
now you have a valid analogy to what we are talking about here, and absolutely the bank president needs to be punished
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Your claim that it is 'puritan' to challenge promise breakers is pure labelling to avoid the issue. Whilst politicians are accepted to lie, there's no reason for the rest of the community to descend to such a level. If a couple makes promises to each other in marriage, it is reasonable to expect them to live by those promises. It is reasonable for society - attempting to encourage couples to stay together so that children get to benefit from a stable background in which to grow up - to challenge behaviour that damages children, and therefore society.
If you store other peoples' shit in your home for money, damn right you are responsible for its security. Nobody cares if your own stuff gets stolen.
“He’s not deformed, he’s just drunk!”
Eating pussy is also illegal in NC. Who cares?
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
You are talking about two different coins, not even two sides of the same coin. I believe that if you leave 100.00 on your door step you should not expect it to be there when you get home. The person who took it is not right for doing so, but you are not right for leaving 100.00 on your door step where people would be tempted to take it and in other circumstances would not have done so.
What GP said is that if you leave your doors unlocked and get robbed, people would claim that _you_ should go to jail. Which is not a valid argument since AM is not holding their own stuff, they are holding EVERYONE ELSE'S STUFF!
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
So, a willingness to cheat on your spouse couldn't possibly be indicative of character traits that an employer or the constituents of some politician might find concerning? At a minimum it shows a lack of judgement and a level of dishonesty that may extend to more important things. Not a few politicians and employees have been busted for embezzlement because they needed funds for an extramarital affair.
As to the spouse finding out "someday"... well, I've known people who were cheated on for years and only found out through chance. For some cheating spouses, chance just happened in the form of Ashley Madison.
Look, if you want to play hanky-panky, I agree, that's your business. When you make the boneheaded decision to use a web site to facilitate your shenanigans, don't be surprised at the repercussions of that choice. If large entities like banks and governments have breaches, why would you ever trust some hook-up site with information that could ruin your life? The power of technology can work for and against you...