You’ve probably heard by now that tens of millions of people had some pretty intimate details leaked in the Ashley Madison (AM) data dump. The hack compromised some pretty sensitive stuff, including things like names, dating preferences, passwords, addresses, and even transaction information.
It’s a very nasty data breach. Not only does it implicate millions of people in cheating on their significant others (which is sure to cause some serious domestic issues for many), but it also exposes lucrative personal data to potential criminals, leaving people open to blackmail and other forms of extortion.
Some people are genuinely afraid, and changing their entire lives to protect themselves from possible reprisals. Lawsuits are being launched. There are even reports of people committing suicide, unable to deal with the personal ramifications of this breach of trust. Basically, extramarital affairs just got real in a way that many of AM’s users probably didn’t want or expect.
Many of the risks posed by a possible data breach can be contained by following good account management practices. But this might be too little, too late for many AM users. But there are things people can do to manage the fallout from data breaches in general, and some of these could be used by victims of the AM hack.
One report claims that a police officer took his life after being erroneously linked to the AM dump. Your personal information isn’t necessarily all over the Internet just because a site or service you’ve signed up for has been hacked. So the first thing you should do is find out whether or not you even have a reason to worry. And there’s a nifty online service that can do that for you.
Have I been pwned is an online resource that catalogs information exposed by data breaches. It’s free, easy, and includes data from the largest, most significant data dumps (including the AM data).
Even better, the site recognizes that some of this information can be rather sensitive. So in cases like the AM hack, the data isn’t publicly searchable. They instead offer a notification service that you can sign-up for, which is then used to notify you (via email) whether or not your data was leaked online.
Checking it out can help you verify whether or not you have a reason to be concerned. So don’t panic, and double check everything before doing anything else.
The EU gives its citizens the right to be forgotten, but that’s not an automatic solution to these problems, and doesn’t help people living outside Europe. EU citizens can apply to Google to have links to information removed (and Google will consider requests from other people who have had sensitive information leaked, such as credit card numbers). But the original content must be taken up with the website admins.
So following an “about” link to get in touch with the administrator of a forum, blog, website, etc. is a good place to start. You can also perform a whois search to find contact information. Administrators are, for the most part, free to decide whether or not to honor those requests. In some instances, such as dealing with sexually explicit material posted without the victim’s consent, websites will readily accommodate such requests.
AM’s use of the Digital Millenium Copyright Act (DMCA) has been somewhat controversial. But victims of data dumps can be proactive and use the DMCA on their own. Basically, a takedown request will be sent to web admins on your behalf stating that the data (usually an image, video or something like that) posted belongs to you, and that using it without your consent represents the unauthorized use of your property.
However, the catch to this is that you may have trouble proving that the content is actually your property, or that the content is actually covered by the DMCA. For example, a photo of you taken by someone else could be seen as belonging to them, and not you. And not all information can be protected by the DMCA, so it may not be able to help AM users get their names, email addresses, or credit card numbers removed.
But most websites will respond to these requests in order to avoid additional trouble. There are also paid services that can pursue this option on your behalf that might give your request more teeth, and get better results.
While none of these are guaranteed to get your information removed, they’re good initial steps to follow in case you’re concerned about your personal information getting out in the open. It’s easier and faster than filling out police reports or consulting lawyers, and gives you an option to nip data dumps in the butt before they cause any real damage.
[ Image by geralt | Pixabay ]
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
March 22, 2018