The security breach addressed in this assignment is the Ashley Madison data Hack of 2015.
In the year 2015, July a group that is referred to itself as “The Impact Team” was involved in the stealing of the user data from Ashley Madison, which is a commercial website that is billed as facilitating extramarital affairs. In carrying out the breach, the group copied private information relating to the site’s user base and consequently threatened to discharge users’ names and individually to categorize the information if Ashley Madison was not instantaneously shut down. On the 18th and 20th of August 2015, the group leaked over 25 gigabytes of company data, together with user details. The fact that the site has a policy of not deleting the personal information of the users’ entailing real names, search history, home addresses along with credit card operation records numerous users feared being openly shamed.
More than 32 million confidential accounts that operated on the website were compromised due to the security breach. The users of the site were severely affected since the identities of the site users’ identities were exposed. Everyone who had used the site, from the privileged of the society to the standard individuals off the street, was affected directly. The businesses that were operated by members of Ashley Madison additionally faced grave reputational as well as financial fatalities. Furthermore, the uprightness of numerous people all over the country was under scrutiny. On top of private information, the hackers exposed most of the organizations as well as businesses that the users of the site work for, encompassing some high-level government agencies moreover military organizations. The cyber attack has made it imperative that the employers of uncovered Ashley Madison clients deal with the individual use of company assets along with codes of conduct.
The breach came to light when journalist Brian Krebs got a tip offer relating to Ashley Madison, a site that claimed to possess more than 37.6 million members, who were all guaranteed anonymity and 100% discreetness. On this day, Krebs had received a document with the real names as well as the real credit card numbers belonging to the members of Ashley Madison. The tip that he received additionally had street addresses as well as postcodes that belonged to the members. Some of the elements that were incorporated in the documents that Krebs received in the leaked cache included the list of the telephone numbers that belonged to the senior executives at Ashley Madison and ALM.
The management undertook an assortment of responses to the breach. Among these included putting policies and measures that addressed the employees use of company resources a well as their personal equipment. The management additionally addressed the development of intrusion detection strategies to ensure only the allowed personnel accessed the premises, started introducing the use of behavior analytics as well as password practices in all their information resources. They additionally abandoned the poor practices of using authentication tokens as well as credentials in the source code and hiring experts to promote their programming platform to eliminate the possible hacks in future.
Some attributes could have been done differently to prevent the breach. Among these include the use of a serious programming platform that could have prevented the hackers from accessing their platform. They could also have used employee vetting strategies to assess the ones who could possibly indicate red flags. Additionally, the company could have had policies that restricted the use of personal equipment at the company and reporting the losses of company issues equipment as phones and computers immediately.