Data Security

Use for data-security posts

How Many Media Company Employees Had Ashley Madison Accounts?

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

Happy Friday! Ashley Madison: It’s the hack that keeps on giving. Every day brings a new joy. And here’s this one: The good people at “Gawker” (who’ve been doing a great job covering this whole thing) took a deep-dive into the data, all 9.7 GBs of it. Why? Well, to see how was dumb enough to use a work email as their AM registration email. (Personally, I’m surprised that nobody got called on the carpet after their network got wind of that verification email in their inbox.)

Now, you’d think that most people would know to use a throwaway email for this kind of thing, right? You’d think that, and you’d be wrong. At the time of the data dump, “Wired” reported that 15K+ domains belonging to the government and military were found, comprising .04% of the total emails found.

Here’s what Sam Biddle at “Gawker” found. (Incidentally, no emails registered to the Gawker domain were found).

'Gawker' Ashley Madison Email Data Analysis (Gawker)

‘Gawker’ Ashley Madison Email Data Analysis (Gawker)

So yeah, have some common sense as to when to use your work email. Have a great holiday weekend!

 

How Many Active Female Users did Ashley Madison Have?

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

I’m loving this Ashley Madison hack for the sheer volume of data it’s bringing to light! It makes a numbers nerd like me very happy.

This may not come as a shock (well, hopefully it doesn’t), but Ashley Madison didn’t have a whole lot of active female users. The site claimed to have around 31M+ male users and 5M+ female users. So already, the women on the site are outnumbered by the men at a 6:1 ratio. This wouldn’t be a promising sign for any man who was a registered user. (Side note: Do you think any of the men knew to what degree they were competing with the other men? I’m really curious about this.)

But wait, there’s more: Annalee Newitz at “Gizmodo” crunched some numbers on on-site interaction between members (and made some fun bar graphs), and the results trumpeted the sex ratios loud and clear. Some examples: For every woman that checked her messages, 20 men did. For every two women that used the online chat system, 11 men did.

With those numbers in mind, how many of these men interacted with a bot? My guess is quite a few.

Two Suicides Linked to Ashley Madison Hack

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

We’re beginning to see some fallout from the Ashley Madison hack from earlier this month: Police in Toronto, Canada, have reported two suicides related to the hack, and are undertaking further investigation of the cases.

Reports of the number of Ashley Madison’s users range from 30M+ to 37M+. With those numbers in mind, these two suicides constitute between .00000006% and .000000054% of the site’s total registered users whose data was leaked in the security breach.

I’m curious to see how the hack continues to affect its outed users and those close to them.

 

Ashley Madison Hackers Post the Site’s User Data

Ashley Madison homepage (Ashley Madison)

Ashley Madison homepage (Ashley Madison)

Happy Friday! Remember when cheating site Ashley Madison was hacked last month? And how the hackers threatened to release user data to the whole Internet?

Well, they’ve finally done it. The Impact Team, as the group of hackers is known, put the data online on the Dark Web, which can only be reached using specialized equipment. They dumped a jaw-dropping 9.7 GigaBytes (GBs) of data that went back to 2008.

(For context/scale, I have a 4 TeraByte (TB) external hard drive that I keep old school projects and work on. I’ve had that thing for over 6 years, and still haven’t filled it up. One TB is equal to .001 GBs. So you can imagine how voluminous this data breach truly is.)

There seems to be some disagreement over exactly how many users had data leaked. “CNN Money” claims 32M, while “Wired” and “Engadget” put the number closer to 37M.

As of July, Ashley Madison claimed to have 40M+ users.

Ashley Madison data dump (Gizmodo)

Ashley Madison data dump (Gizmodo)

Among the metrics leaked were users’  names, addresses and phone numbers. “Wired” looked into some initial data analysis:

A sampling of the data indicates that users likely provided random numbers and addresses, but files containing credit card transactions will yield real names and addresses, unless members of the site used anonymous pre-paid cards. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.

Passwords were broken by “hashing,” or breaking into the algorithm a site would use to protect passwords. The hackers used the “bcrypt” algorithm used in web development language PHP. This is usually a secure measure to protect passwords. But hey, at least Ashley Madison tried:

It’s notable, however, that the cheating site, in using the secure hashing algorithm, surpassed many other victims of breaches we’ve seen over the years who never bothered to encrypt customer passwords.

Have a great weekend, and go change your passwords!

Planned Parenthood Hacks: By The Numbers

Planned Parenthood site outage (Planned Parenthood)

Planned Parenthood site outage (Planned Parenthood)

You may have heard that Planned Parenthood’s website got hacked earlier this week. But did you know it got hacked twice?

That’s right. It actually happened twice in one week. Planned Parenthood was first hacked this past Sunday night, and then again on Wednesday. The hacking on Sunday was performed by a group called 3301. The group hacked employees’ personal contact information and internal emails and files. According to 3301’s leader E, the breach was possible due to the organization’s “extremely outdated and broken” coding.

While previously unknown, this group holds some extreme anti-abortion views, and feels that what Planned Parenthood does is “a very ominous practice.” The hacking was prompted by some recent leaked videos showing Planned Parenthood officials “discussing the sale of aborted fetal tissue.”

3301 calls its members “social justice warriors.”

The hacking on Wednesday interfered with the organization’s usual flow of web traffic. It was a large “distributed denial-of-service” (DDoS), where users couldn’t access the site due to the server getting flooded with voluminous quantities of data.

(And for those who wish I’d write about something else this week: yes, I know I just covered another prominent website’s hacking, but I couldn’t let this one pass by unacknowledged.)

Here are the numbers behind the hacking:

1: day that Planned Parenthood took their own site offline

2: times the site has been hacked this week

2: Government agencies (Department of Justice and the FBI) investigating the data breaches

300: number of Planned Parenthood employees whose personal information has already been leaked

200K: number of people who visit Planned Parenthood’s site daily

2.7M: Number of people that Planned Parenthood helps in a given year

#ThrowbackThursday: Planned Parenthood’s Site Outage, 2015

Planned Parenthood site outage (Planned Parenthood)

Planned Parenthood site outage (Planned Parenthood)

Today, I’m throwing it all the way back to…yesterday. But for good reason: Planned Parenthood kept its site offline yesterday to a cyberattack. And it’s actually the second cyberattack within four days for them. What a week!

This is important because Planned Parenthood is a trusted resource for people to get access to reproductive healthcare, especially those who might otherwise go without it. It’s very scary that anti-abortion extremists are targeting the site, and that our very rights are under attack. I just hope that the real “social justice warriors” are coming out in full force for this fight.

Jennifer Lawrence Nude Photo Hack: Is Our Cloud Data Safe?

Jennifer Lawrence Oscars 2013

JLaw is not amused.

Earlier this week, Oscar winner Jennifer Lawrence’s private photos were hacked off her iCloud. She wasn’t the only one: Rihanna and Kate Upton were hit as well.

This high-security breach naturally leads us lesser mortals to worry about our own data within the Cloud.

But should we?

Apple feels it wasn’t a security breach, but a specific targeted act. This seems to check out, as we’re only hearing of celebrities being hacked and not Jane from down the street. (Of course, if Jane did get hacked, I’m sure Apple wouldn’t want to risk losing their customer base by publicizing that.)

The iCloud has been up and running for nearly three years, and this is the first security breach we’ve seen so far. So the storage service’s track record has been good up until this point. But it is a large, high-visibility blip on the radar, brought into the spotlight by America’s Sweetheart.

Apple’s track record suggests that this is an embarrassing security anomaly, and hopefully a longer-term trend will bear that out.