October 7, 2015

Ashley Madison Hack Put Hundreds of Athenians at Risk

The recent data leak of the infidelity website Ashley Madison threw the skeletons of more than 35 million users into the limelight—and almost 40,000 of those were paid accounts that belonged to Georgians.

In order of most paying members by state, Georgia came in at No. 10 (California was at the top), and Georgians spent a little more than $12 million since 2008. The 299 Athens residents with paid accounts spent almost $120,000 of that, according to data obtained by Flagpole. Across the country, Americans spent some $236 million in all to get their cheat on. More than 350 University of Georgia email addresses—both paid and unpaid accounts—were included in the data dump. It should be noted that anyone could sign up for a free account, and the website did not require an email activation for those accounts.

Kyu Hyung Lee, assistant professor of computer science at UGA, says it is "almost impossible" to independently verify that the data is legitimate. "We cannot be sure that data actually comes from the company," he said.

Lee, whose research focus includes system, software and mobile security, as well as digital forensics, software reliability and program analysis, saya private companies spent an average of several million dollars a year in 2014 on digital protection. "People spend a lot of a money, like a few million dollars every year, to prevent attack and to make their systems secure,” he says. “But, you know, there are hackers."

In August, hackers released a little more than 10 gigabytes of user information from the Ashley Madison site when its owner would not shut it down. The hackers demanded that the company shut down for charging a fee for its users to delete their accounts from the site but continuing to keep that data on its servers after that fee was paid.

Incidents of hacking have increased in recent years because of the demand for data on the black market, Lee says. "They require more and more data, email addresses, bank accounts and credit card numbers," he says.

While an email address by itself isn’t enough to identify someone, Lee says additional information—also contained in the Ashley Madison data dump—such as user account numbers, home addresses, credit card numbers and IP addresses—could "most likely" identify the person.

Some of that leaked data shoved state Rep. Allen Peake (R-Macon) into the spotlight when he admitted to having a paid Ashley Madison account last month. Peake wrote in an email to close friends and family last month that it was a “difficult period” in his marriage about two and a half years ago. He added that he would be ”taking some time to evaluate what action needs to be taken” regarding his seat in the state House. However, for now, he said he has no plans to resign.

Fallout from the Ashley Madison hack also included the resignation of Noel Biderman, chief executive officer of Ashley Madison’s parent company; a $578 million class-action lawsuit filed by two Canadian law firms; celebrities and public officials being exposed; and several suicides linked to the hack. In addition, 15,000 government email addresses nationwide were used to access the infidelity website. Despite all this, Ashley Madison said it’s “growing” in a statement to media.

The Atlanta Hawks even jumped in on the publicity with a promotional campaign collaboration with the would-be-adulterer website. In a Sept. 18 media release, the Atlanta Hawks Basketball Club announced they signed “three real-life people” named Ashley Madison to help sell the teams new “10-game flex plans.”

“Fans are encouraged to start a new love affair with the team by customizing their own unique ticket plan to ensure they are at all of the top games during the 2015-16 season and receive the best selection of games, seats and pricing. The three Ashley Madisons are all Georgia residents, comprised of two females and one male.”

As data leaks become more commonplace, Lee advises computer users to take caution when choosing a company to do business with. He adds that it’s best to choose companies “who actually care about security,” and warned that small local banks might not have as strong protection as large companies. However, “there is no perfect solution to prevent all possible attacks,” he says.