Reports of stolen Ashley Madison data being posted publicly have now surfaced. The data was stolen last month and shortly thereafter the hacker group responsible threatened to release the data publicly-- if the Ashley Madison website (and affiliated site Established Men) were not taken offline entirely. On Tuesday night the alleged data was released via the Dark Web and BitTorrent. Numerous sources have indicated that the data dump is indeed the real thing.
Many users who relied on the site's promise of privacy may soon find themselves in hot water. That said, Ashley Madison at times never bothered to confirm email addresses being used to register accounts. So, in other words, virtually anyone could register an account using someone else’s email address. Whatever you feel about the breach data being posted publicly, the fact remains that personal and financial data was stolen. With this breach, the hackers only exposed the last four digits of credit card numbers in the data dumps. However, if you suspect that your credit card data has been compromised in a breach you should follow these tips:
- Notifying card issuer of potential breach,
- Monitoring cards accounts closely (this can be done by checking statements online regularly and implementing purchase notifications via text or email for all purchases),
- Credit report monitoring, and
- Requesting a new card number (an EMV card if it is offered).
Data breaches are showing no immediate signs of slowing. However, the adoption of chip and pin technology here in the U.S. should eventually have some positive impact in reducing these events because it’ll significantly limit how stolen card data can be monetized by the criminals. Currently, card thieves can recreate the basic ‘magnetic strip cards’ (that the majority of us still use) very easily and at a low cost. These cards can then be used to make fraudulent transactions. On the other hand, a chip and pin (EMV) card can’t be easily or cheaply reproduced. This hampers the thieve's ability to monetize the stolen date by limiting them to non-card-present transactions only (once the technology has been widely adopted by retailers). However, this breach does not appear to be financially motivated but done with hacktivist intent--at least in the minds of the perpetrators.