Ashley Madison breach puts spotlight on security at Whistler startup conference

 

More than 52,000 users from Vancouver were on the breached infidelity dating website

 
 
 
 
Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday, fulfilling a threat to release sensitive information including account details, log-ins and credit card details.
 
 

Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday, fulfilling a threat to release sensitive information including account details, log-ins and credit card details.

Photograph by: Carl Court, Getty Images

More on This Story

 

WHISTLER — Even if their customers aren’t cheating on their partners, startups in a rush to sign up new customers need to put security first.

This was the message delivered in sessions on data security at the startup conference GROW in Whistler, as the release of personal information on millions of users of the infidelity dating website AshleyMadison.com is wreaking havoc in bedrooms and boardrooms around the world.

“I think Ashley Madison is going to do wonders in making people realize the risk,” Bil Harmer, chief security officer at San Francisco’s GoodData, said in an interview after his presentation entitled “For startups, security is 2nd to customer acquisition, until your customer’s data leaks.”

“They were in the business of protection of very, very private information and in the business of deleting it when paid, and they didn’t do either.”

The breach at AshleyMadison.com, a dating site for people looking to have affairs, occurred last month. But this week the hackers posted personal information from the site’s 32 million users, including credit card numbers, email addresses and preferences in sexual affairs. While the data was first released on the so-called dark web — an area of the Internet not available to conventional web browsers — it has since been copied on open websites.

“CEOs are saying, ‘I heard about this Ashley Madison story — can that happen to us?’” Harmer said.

Kristina Bergman, principal with Ignition Partners, a venture capital firm that focuses on companies in infrastructure and data security, said while individuals and companies have become accustomed to data breaches, the Ashley Madison breach is focusing attention on security in a way other breaches haven’t.

“It makes it personal in a way that all of the other hacks are not,” she said.

“Somebody steals my credit card info from Target and I get a new credit card number. Somebody steals that (Ashley Madison) information — it makes it incredibly personal and hits home with millions of people.”

Harmer said breaches have become increasingly personal, progressing from credit cards, to health and social security information to the current one that has broadcast sexual details people don’t talk about for the Internet to see.

“Now we’re talking about real life consequence,” Harmer said. “We’re talking about divorce. Blackmail is going to be a huge one. Public shaming.”

A group identifying itself as the Impact Team threatened to release the information if the website, which is a brand of Toronto-based Avid Life Media, didn’t shut down. Earlier this week the data was dumped on the dark web.

“It is vigilante justice in the technology sphere that is completely ungoverned by any judicial or legal review or process or set of laws,” Bergman said. “It is absolutely vigilante justice and it is brutal because they are judge, jury and executioner.”

Harmer said not looking at risk is the biggest mistake he sees startup CEOs make.

“Security is a holistic approach,” he said. “If you don’t take a holistic approach to what you’re doing, you’re going to be looking at just one piece of it.”

The data site dadaviz.com estimated 6.3 per cent of Canadians have an Ashley Madison account, although email addresses weren’t verified and it warns “a portion of the information from the database may be fraudulent.” It says of the more than 36 million email addresses in the Ashley Madison database, 24 million are valid. Bogus email addresses have included politicians and other prominent people. Forty per cent identify as being single and 57 per cent say they have partners. Among accounts identified with gender, 86 per cent are male, 14 per cent female.

The site identifies more than 52,000 users from Vancouver, putting the city seventh in terms of user numbers among 10 cities across Canada.

The GROW conference, which brings together venture capitalists and entrepreneurs from the Silicon Valley and the Pacific Northwest, wraps up today.

gshaw@vancouversun.com

vancouversun.com/digitallife

===

Click here to report a typo or visit vancouversun.com/typo.

Is there more to this story? We'd like to hear from you about this or any other stories you think we should know about. CLICK HERE or go to vancouversun.com/moretothestory

 
 
 
Font:
 
 
 
 
Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday, fulfilling a threat to release sensitive information including account details, log-ins and credit card details.
 

Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday, fulfilling a threat to release sensitive information including account details, log-ins and credit card details.

Photograph by: Carl Court, Getty Images

 
Hackers who stole customer information from the cheating site AshleyMadison.com dumped 9.7 gigabytes of data to the dark web on Tuesday, fulfilling a threat to release sensitive information including account details, log-ins and credit card details.
Bil Harmer, chief security officer at San Francisco’s GoodData, and Kristina Kerr Bergman, principal at Ignition Partners, at the GROW startup conference in Whistler.
 
 
 
 
 
 
We encourage all readers to share their views on our articles and blog posts. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, and please keep your comments relevant and respectful. If you encounter a comment that is abusive, click the "X" in the upper right corner of the comment box to report spam or abuse. We are using Facebook commenting. Visit our FAQ page for more information.
 
 
 
 
 
 
 
Your voice