Ashley Madison dating site to pay $1.6-M over breach

WASHINGTON - The operators of the Ashley Madison affair-minded dating website agreed Wednesday to pay a $1.6 million penalty over a data breach exposing data from 36 million users, US officials announced.

Ashley Madison's Canadian parent company Ruby agreed to the penalty to settle charges with the US Federal Trade Commission and state regulators for failing to protect confidential user information.

The settlement comes after a hacker group last year released what was said to be personal data on millions of members of Ashley Madison, who were based in 46 countries. The fallout led to reports of blackmail and even suicides.

The financial penalty, split between the federal government and US states suing the company, would increase to $8.75 million to the FTC plus $8.75 million to states if Ashley Madison fails to abide by new information security practices and refrain from misleading consumers.

"This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide," said FTC chairwoman Edith Ramirez.

"The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users' personal information from criminal hackers going forward."

NO COMPENSATION
Ramirez said the penalty being paid is too small to allow for "redress" or compensation to affected consumers, noting that compensation is rarely obtained in data security cases.

"We want them (the company) to feel the pain, we don't want them to profit from unlawful conduct," Ramirez told reporters in a conference call.

But she added that "it would not serve the public interest to put them out of business."

Earlier this year, the dating website -- whose motto had been "life is short, have an affair" rebooted, calling itself an "open-minded dating" service.

The company said at the time it will no longer use female "bots" or automated programs that respond to members pretending to be women on the hunt for men.

According to the FTC complaint, until August 2014, operators of the site lured customers, including 19 million Americans, with fake profiles of women designed to convert them into paid members.

The company failed to adequately protect users' personal information such as date of birth, relationship status and sexual preferences, according to the complaint.

The company confirmed the settlement, saying it would help it move past the hacking episode.

"Today is a pivotal day for our members and for Ashley Madison," said a statement from Ruby chief executive Rob Segal.

"Today's settlement closes an important chapter on the company's past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company."

The settlement followed an investigation in cooperation with consumer protection authorities in Canada and Australia. Thirteen US states plus the federal District of Columbia joined the lawsuit.

source: news.abs-cbn.com

Ashley Madison boss steps down after data breach

OTTAWA, Canada - The chief executive of dating-for-adulterers website Ashley Madison stepped down on Friday after hackers leaked its membership list online.

Parent company Avid Life Media, which operates the infidelity network, said it and CEO Noel Biderman were in "mutual agreement" about the split.

"This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees," Avid Life Media said.

The firm, meanwhile, is "adjusting to the attack on our business and members' privacy by criminals," the company added, vowing uninterrupted member access to its website.

Other senior managers will step in to fill the gap left by Biderman's departure until a new boss is appointed, the firm said.

A hacker group calling itself the "Impact Team" last week released emails and user account information of members stolen from the company's servers, as well as corporate emails and sensitive computer source code.

The gang claimed it wanted to bring attention to the fact that Ashley Madison was charging clients a fee to delete their personal information but was in fact archiving it.

Canadian police have said two possible suicides, including one by a Texas police officer, may be linked to the leak of the website's 32 million members' personal data.

The breach has also stirred concern the potential for blackmail. Privacy watchdogs in Canada and Australia are jointly investigating the leak.

Police in Toronto, where Avid Life Media is based, along with the Royal Canadian Mounted Police, the Ontario Provincial Police, US Homeland Security, the Pentagon and the American FBI are also probing the most talked-about hack of the year.

Calling it "one of the largest data breaches in the world," Toronto police Staff Superintendent Bryce Evans told a press conference last Monday it "will continue to have a longterm social and economic impact."

He warned of "spin offs of crimes and further victimization" including extortion attempts.

Although there has been no measurable uptick in business for divorce lawyers, Internet reputation and public relations consultants said their phones have been ringing off the hook from cheaters in crisis seeking help.

Celebrity casualties include Josh Duggar, the 27-year-old star of a Christian family reality TV show who has blown nearly $1,000 on two Ashley Madison accounts since February 2013.

However, an analysis of the leaked data by news site Gizmodo showed little if any activity from the purported 5.5 million female members of Ashley Madison, who were online with an estimated 31 million male subscribers.

The data, which was released on the "dark web" and is not easily accessible to most Internet users, suggests the vast majority of profiles of women on Ashley Madison were fake, or created by automated "bots."

Gizmodo traced many of the IP addresses for females back to Ashley Madison itself. The most popular female last name on the site also matches the name of a former employee.

Avid Life Media has declined to comment on the report.

But if true, the data would suggest the website facilitated very few extramarital affairs.

Avid Life Media is offering a Can$500,000 ($375,000) reward for information leading to the arrest of the hackers.

In turn it is being sued by a disabled Canadian widower who says he joined Ashley Madison "in search of companionship" after losing his wife of 30 years to breast cancer.

source: www.abs-cbnnews.com

Cheating website relieved it is not being judged after hack

TORONTO - Cheating spouses website AshleyMadison.com, facing hackers' threats to leak clients' nude photos and sexual fantasies, said it is heartened by some initial public response that sees the site as a victim.

The website's Canadian parent, Avid Life Media, confirmed a breach of its systems that has put the real names, credit card information and other details of as many as 37 million customers at risk. Avid Life said it has since secured the sites and closed unauthorized access points.

The dating website company has hired UK cybersecurity firm Sycura to investigate the breach, first reported by the KrebsonSecurity blog, and is working with police to trace those behind the attack, spokesman Paul Keable said.

AshleyMadison.com, which uses the slogan "Life is short. Have an affair," has been planning to raise up to $200 million through an initial public offering on the London Stock Exchange.

A group calling itself Impact Team said it had taken over Avid Media systems, including customer databases, source code, financial records and emails, according to a screen grab shown on the KrebsOnSecurity blog.

"Shutting down AM (Ashley Madison) and EM (Established Men) will cost you, but non-compliance will cost you more," the hackers said. Established Men, widely described as a "sugar daddy site," is another Avid Media property.

The hackers leaked snippets of the compromised data online and warned that they would release customers' real names, profiles, nude photos, credit card details and "secret sexual fantasies" unless AshleyMadison and EstablishedMen.com are taken down, Krebs said.

CUSTOMER PRIVACY CRUCIAL

"There's a very strong narrative that criminal activity, vigilantism, is not the way forward, because who gets to be the judge and jury?" Keable said at Avid Life's midtown Toronto offices, citing articles in what he called "major media outlets."

The hackers said that a "paid delete" function will not remove all information about a member's profile and communications.

Avid Life said that claim is untrue and it would offer the function free of charge following the breach. The dating website owner has about 160 employees, mostly in Toronto but also in Cyprus, Brazil, Japan and elsewhere.

Keable said it was too early to estimate the damage to the company's business model or IPO plans from the breach.

But one Canadian investment banker, who asked not to be named, said the breach could put those plans at risk.

"There are a lot of risqué websites that are looking to go public, the problem here is that the way Ashley Madison works is it puts customer privacy as tantamount, the fact that you have a hacking scandal at least temporarily puts the kibosh on any IPO plans for them," the banker said.

In an interview with KrebsOnSecurity, Avid Life Chief Executive Noel Biderman was cited as saying the company suspected someone who had access to internal networks as being behind the breach.

"It was definitely a person here that was not an employee but certainly had touched our technical services," he said.

Unauthorized posts and images on the website detailing the hacker's demands have since been removed.

"We apologize for this unprovoked and criminal intrusion into our customers' information," Avid Life said.

The breach comes about two months after dating site Adult FriendFinder was compromised. That site has an estimated 64 million members.

source: www.abs-cbnnews.com