
How did Ashley Madison recover from the worst data breach in recent times?

Back in 2015, Ashley Madison was hacked by a vigilante group which demanded that they terminate the service entirely. According to the hackers, the infidelity site was making money off of other people’s pain and had to discontinue its service completely.

Avid Life Media, the parent company of Ashley Madison, failed to comply with the hackers’ demands, and so in August of the same year, the hackers released the information of more than 37 million people around the world. The data included information such as names, marital status, credit card details, and locations. It was released on BitTorrent, and the incident led to several cases of suicide around the world. People who had signed up to the site were reportedly traumatized as they tried to seek help from other parties.

Before the breach, Ashley Madison had claimed to be deleting information on the users as soon as they paid a certain amount of money. After the hacking, it was revealed that they did not remove user data as promised, and they certainly were not as secure as they claimed to be. The data privacy breach resulted in lawsuits that cost the parent company a humongous portion of their revenue, as well as a loss of trust in the website. To regain the confidence of its members, the site had to take drastic measures, including a rebranding of their image.

Updated and improved security measures

As part of the Federal Trade Commission (FTC) settlement, Ashley Madison had to implement a comprehensive data security program. The program has to involve third-party assessments, as well as other steps to prevent a similar incident from happening. Here are some security measures the company implemented following the settlement:

Two-factor authentication

This adds an extra layer of security beyond the username and password. With this form of protection, Ashley Madison will be able to tell whether it’s really you who is trying to log into your account. The service will require you to enter some information or answer a security question. This way, hackers may be able to guess your password correctly, but they will not be able to bypass the second requirement.

A bug bounty program

Websites can have vulnerabilities, some of which may be unknown to the owners of the site. Ashley Madison has implemented a bug bounty program to help locate these vulnerabilities before they can be exploited by hackers. In this program, people who report bugs in the site are compensated and recognized by the company accordingly. Bug bounty programs are used by large companies like Facebook, Reddit, Mozilla, and Google, and they have been proven to be effective at eliminating vulnerabilities.

NIST cybersecurity standards

NIST is a non-regulatory government body that promotes technology, science, and standards in ways that increase security. There are several steps the company has taken to make sure it complies with the NIST cybersecurity standards. For example, it now categorizes the data and information that it needs to protect. It also develops a baseline for the minimum controls required to protect that information.

Continuous monitoring

The infidelity site now monitors its security standards in order to identify and respond to threats promptly.

The implementation of these security measures has dramatically helped to restore confidence in the company. They have reported a sharp increase in the number of daily active users since 2017. After the breach, they had tried to keep a low profile and even changed their slogan from ‘Life is short, have an affair’ to ‘Find your moment’. Many profiles were deleted in this period as customers were afraid they would be exposed by the hackers.

Even those using the best VPNs were worried that the hackers would finally discover their actual identities. In this case, using VPNs would not secure your information; it would only help to fool the site.

Regaining their place in the business of adultery was an uphill battle from there. They had to spend a massive chunk of their revenue on settling lawsuits. But the biggest battle was regaining their users’ trust, especially after it was revealed that user information had not been deleted even after paying the asked-for fee.

In 2017, the company appointed its former chief technology officer (CTO), Ruben Buell, as president of the company. Buell embarked on a mission to clean the tainted image of the company and strongly publicized the company’s new security policies. The changes listed above have helped people regain trust in the service. In that year, Ashley Madison reported a 5% increase in revenue. They have about 200,000 daily active users and get an average of 1.4 million new connections every month.

Conclusion

Ashley Madison suffered one of the worst data breaches in the recent past. A group of hackers promoting traditional family values wanted the site to be closed permanently. They eventually released information on the men and women who had joined the site after the owners refused to terminate the service. Ashley Madison had to pay a lot of money in fines after it was discovered that they had violated certain laws.

Needless to say, the company has suffered a significant loss of public trust since the incident. It is only recently that the website has started receiving new members. The number of daily active users is also rising steadily. This increase in the user base is primarily attributed to their enhanced security.

It goes to show that it’s always a good idea to invest in top-of-the-line data security models for your website. Whether you’re selling dating services or regular retail products, protecting your user data should be your number one priority. It’s only then that you can come out unscathed when being targeted by malicious hackers.
