Slashdot Mirror
Ashley Madison Hack Claims First Victims
wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there.
Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.
This should create the head of steam required to get some legislation passed to make companies and specific executives SUFFER if they screw up their data security. Ultimately that means if an executive is advised that a system is insecure, fails to act and it gets hacked, the executive needs to personally liable, with a small taste of prison. It happening once is all that is required....
While I believe that there might be some people who had no "morally" dubious intents, I fail to see why anyone with a traditional moral compass would sign up for this website.
Even if you are not married and simply looking for a one nighter, you are still signing up to site where married people are looking for an affair. It is right on their main landing page: "Life is too short, Have an affair". While it sucks for them, I feel it difficult to feel pity for them when signing up to a website which main intend is to make is to make it easy for people to cheat.
The other people could have simply signed up for a different website where the main intent is not cheating. It seems there would be plenty, and none of them are getting hacked
" one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there."
At the end of the day these people signed up for a site whose primary market is marital infidelity. I feel a bit sorry for the woman referenced above, but I also have to wonder if the partners of the people she's "engaged with" on AM were as accepting as her husband was. I kind of doubt it.
There are a lot of other sites out there that don't specifically target cheating that she could have used instead. By choosing to have her hookups through that site she was pretty much guaranteeing that she was actively screwing around with someone else's relationship.
Rest assured that the new legislation will make hacking a crime worthy of being hung, drawn and quartered while at the same time not changing anything about how corporations have to secure data, or even (god forbid!) be punished for having sloppy security.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
People paid him to have their personal info deleted. He took their money but did not delete anything. Put him in prison for fraud.
So the message is "shut up and live a lie in your repressive regime"?
Be careful what you wish for. You might have to do it soon.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is not puritanism. This is looking down on people who make commitments they don't keep. There exists a way for a married person to declare that they no longer intend to maintain fidelity, it's called divorce. There is also swinging for couples that mutually choose that. AM is instead dedicated to people who vowed fidelity and unilaterally choose not to honor that vow.
If I leave my door open, and my stuff gets stolen, I am the one who has been punished.
If some asshole corporation fails at security, and my stuff gets stolen, I am still the one who has been punished.
See, the stuff being stolen here ... It's not the property of the corporation, and they're not the ones who suffer when it is stolen. They've deemed themselves trustworthy to hold onto your data, and failed to safeguard it.
Oh, sure, they might get a little bad PR, and the stock might slip a little. But that asshole executive who decided security was too costly? It's not his data being stolen, and it's not him who has to deal with it.
So he, being an asshole executive, says "wow, we're not really sorry but if we say it will you shut up and go away?"
This is more like I've got stuff in my safe deposit box, and the bank gets robbed, and the bank say "wow, that's totally not our fault".
Your analogy sucks.
Corporations failing to protect the private and sensitive information they have been entrusted with are not the fucking victims, and they don't get to play the victim card.
Lost at C:>. Found at C.
How stupid do you have to be to misunderstand the parent post so badly? Adequate data security stops all but the most skilled hackers. Laws are already in place to force corporations to act better than they otherwise would in other areas and there is a good case to be made that that should be the case with data security as well. When you're responsible for other people's personal details, you have to act responsibly and have proper data security. Just like airlines must follow safety regulations and are penalized if they don't, corporate executives should be held responsible if data security is neglected. The main question is how to formulate it into a law and the parent proposed a solution which I don't fully agree with but I do agree with the idea. We've seen it happen over and over and over again - corporations need to be held in a short leash through laws because their ultimate incentive is always shareholder wealth. A bad reputation is nothing that a good PR campaign won't fix cheaper than preventing the problem in the first place.
I agree. If any, the guilty here is AMs poor security and data management. And its nothing new, people cheat, we are good at it . I think it's a little over the top to "make a new life because... Oh the shame".
"If anyone"? That's overboard. I agree that to a degree, AM is complicit due to their poor security and negligence with their clients data, yes, but still the truly guilty party here, quite simply, is the one who actually committed the crime and stole data they were not entitled to. I'm a fool if I leave my house or car unlocked at night; nevertheless, if someone breaks in and steals stuff, they have committed a crime, not me; I was naive, negligent, careless, but I didn't steal anything. Granted, I'd feel more culpable if I had several friends' gear in my house or car that got stolen, as that's less excuse to be so careless, and some responsibility must be shouldered in that case, but still, I am not directly responsible for the behavior of a thief, he is. The thief must still be found and held accountable. That is not debatable.
I ask because many times on here when talking about people stealing songs the argument is always brought up that nothing was actually stolen since the original owner still had the song. Therefore, there was no theft but is instead considered "sharing".
If the above analogy is correct then there's no problem. Nothing was stolen, only shared because information wants to be free. So which story are we going to use today?
You are (deliberately?) conflating theft with copyright infringement. That's your first mistake. By illicitly sharing a copyrighted song you are not stealing from the copyright owner. You would be infringing their legal right to control distribution. If they took you to court for that, you would not be charged with theft (a criminal offense). You would be charged with copyright infringement, which is a civil tort. By calling it "stealing" (a tactic designed to make it sound worse than it is) you are actually contradicting the very laws that created copyright in the first place!
The data copied from the AM breach is not part of a copyright dispute. The people affected did not have a copyright infringed. The people affected had their privacy infringed. They were not intent on selling copies of that data for money. They were intent on keeping that data secret.
See, just because both issues involve the loss of control of some data, does not mean they're the exact same thing. This, again, is you conflating two separate issues in order to make a point that isn't valid. If you are passionate about copyright issues that's great, but it's obviously clouding your judgment and causing you to be the guy who has only a hammer and thinks therefore everything must be a nail.
Eating pussy is also illegal in NC. Who cares?
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
If you store other peoples' shit in your home for money, damn right you are responsible for its security. Nobody cares if your own stuff gets stolen.
My wife has a yarn store and import/distribution business for fancy schmancy yarns. We have customer data, not by choice, customers demand it for their convenience. I happen to be a security/crypto type engineer. So we worked out what the plan was based on the notion that a yarn store is helpless in the face of electronic warfare.
1) Outsource anything touching PCI-DSS. The payment card machine doesn't attach to the computer. The online payments are through a service that handles the card data on their servers while appearing to be on our web site and PCI-DSS compliance is part of their service. PCI-DSS sucks (I've read the specs - It's not pretty). But it's what we have. So pay someone else to hold the responsibility who on the surface may be better positioned that a yarn store to handle such data.
2) Don't keep customer credit card data on a computer. Use other means.
In general, there's nothing anyone can do who isn't deeply involved in computer security and cryptography, which on average is everyone. Those few who are involved in the intersection of retail and computer security are disempowered by the payment card companies who dictate terms, avoid liability and push absolutely useless security standards on the rest of us.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.