Hackers target cheating site, leak information

These companies experienced an inside hack job that could potentially release somewhat embarrassing information about people that could result in a number of ruined marriages. 

AshleyMadison, Cougar Life and Established Men recently experienced an inside hack job by hacker(s), who self-identify as The Impact Team. They stole important data from Avid Life Media, a firm in Toronto that owns the sites.

The research explained how hackers released maps of internal company servers, employee network account information, company bank account data and salary information.

Although only small amounts of customer data were released, the hacker group wants AshleyMadison and Established Men offline completely. They also claim one feature on AshleyMadison that’s called “Full Delete”, which claims to permanently delete customers’ information from the site, is inaccurate.

While customers can pay $19 to permanently delete their profile information, it doesn’t actually remove their purchase details, which include their real name and address. The Impact Team is threatening to release personal information about users every day that the site remains online.

Although the company is still working to recover, ALM CEO Noel Biderman suggested that the incident may have been the work of someone who was once involved with the company in some way and still had inside access to the company’s networks.

“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman told krebsonsecurity.com. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”

External hacking attempts are always a concern. But when the hacker is someone that was supposed to be given the information in the first place and decided to turn against the company for whatever reason, this makes the job of IT that much harder.

Ways to prevent an inside hack

Chances are you’ve had to partner with outside vendors or contractors who needed access to your systems. That could lead to tension, because you need them to have access in order to get the job done but you are not 100% sure if they are going to do anything illegal once they gain access.

Here are four ways to fight back against inside hacks:

  • Revoke access as soon as it’s no longer needed: Sometimes access needs to be granted to certain people or contractors to get something done, but there’s no reason for their account to remain available after the job is done. Getting rid of their login information right away is crucial.

 

  • Make sure business partners have security: One way to do this is to make sure the businesses you partner with do regular background checks to determine they are hiring safe people. Check their contracts to make sure that they have a plan of action in place in case something like this does ever happen. After all, it could be one of their employees.

 

  • Frequently check the network for unusual activity/old accounts: If you check who’s using the network and something doesn’t look right, a red flag should go up. Be aware of who’s accessing what and what they’re using the information for.

 

  • Require regular password changes: Having a system that requires a password change every few months or so makes it that much harder for unauthorized access to your system. Stagnant passwords also make it more likely that someone will breach your accounts.

 

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy