There are lessons for every business in the Ashley Madison hack

At the end of July, news broke that Ashley Madison, an extramarital dating website, was hacked by a group calling itself The Impact Team. It warned that if the website’s parent company Avid Life didn’t shutter operations at the site, the hackers would go public with data from millions of users, including home addresses and credit card information.

The compromised data caused enough headaches for site users and developers in itself. But since Ashley Madison’s customers obviously wouldn’t want to promote the fact they were using the site, the hack had consequences that were even more severe. Moving forward, what takeaways can we glean from this debacle?

No business is immune to problems

Maybe your company already has a robust data security plan in place. If so, that’s great, and shows you’ve given some serious thought to possible consequences and how to avoid them.
However, it’s important not to fall under the impression that if your business is small, you’re less likely to be threatened by data breaches. Statistics show even if your company has less than 250 employees, it still has a 45% chance of being struck by a phishing attack. As you can imagine, the likelihood goes up as a company gets bigger.

Insider theft is becoming more common

A few years ago, data hacks occurred more often when people left their laptops unsecured or didn’t log out of accounts on public terminals. Those are known as “mistake breaches.” While they still do make up a large portion of data breaches, instances where someone has insider access to data and decides to leak it are growing.

In the case of the Ashley Madison hack, company executives said the hacking was not a result of someone directly related to the company, but a person or group of people that had a greater knowledge of the website’s technical infrastructure than an average layperson.

You shouldn’t rush a launch process in an effort to make quick profits

If your company has a finger on the pulse of what’s hot and you’re especially eager to start making money on a great concept, app or product, you may be tempted to get going without thoroughly checking to ensure you’ve tackled all known potential security flaws.

Data says 98% of applications have security holes. That’s a strong reason to be vigilant in fixing any identified security shortcomings before it’s too late. Company executives often think there’s no harm in getting a website or app to a minimally acceptable standard, and then making improvements as customer feedback comes in. However, that approach can be dangerous.

Be careful what you promise customers

Ashley Madison’s users were given the option of paying a fee to supposedly scrub all their details from the website’s database. But the site’s hackers alleged that those identifying characteristics people were so keen to erase weren’t actually deleted after all.

Last year alone, the “full delete” feature earned US$1.7-million in revenue for the team behind the Ashley Madison website. However, even when people paid for what they thought was extra protection, the hackers revealed that users could still be identified by things like their credit card information and addresses.

Avid Life disputed that claim, and said anyone who pays for it will get a “hard delete” of his or her profile — one that not only throws out revealing personal details, but gets rid of the messages and photos users may have sent to others. In an effort to make reputation repairs in the midst of this PR nightmare, Avid Life now promises all site users can get the full delete feature for free.

This part of the fiasco is a great example of why you should never offer a service without being able to stand behind the assertion that it’ll meet expectations. The executives at Avid Life probably never envisioned a scenario that would force them to defend the claim that Ashely Madison’s users were truly getting their details deleted after paying for that perceived extra bit of protection.

Although the aftermath from this data hack is far from over, there’s plenty of useful insight you can gain from what’s become known in the early stages. It’s especially worthwhile information to know if you’re involved in a tech-based venture.

Image: tookapic



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.