Here is a topical one. The Ashley Madison data dump is all over the news (an almost inevitable event), but beware and be warned – because this is only the start of this story in terms of IT Security risks. Other things are stirring in the darkness…
Many people, either out of curiosity or out of personal interests, are now hunting on the internet for the stolen data, little realising they may actually be the prey.
I would advise people to be very, very careful when seeking to access this information, because it has been published on the “Dark Internet” (the internet black market, a subject for a future instalment) and as it is trending, there are many traps being set for inexperienced internet users. Your machine can become infected and worse by browsing to sites claiming to have the information.
I strongly suggest that anyone looking to gain access to the data should wait until a reputable company/news organisation provides verified links to it. Do not click on links in emails received as multiple spam campaigns are already well underway.
We are all naturally very curious especially when it comes to this type of thing, partners and spouses that have the slightest doubt will naturally be itching to take a look to see if their other half’s names are listed.
Let’s look at the numbers first.
There are various reports about the number of Ashley Madison customers’ details that have been dumped and published. Let’s use for the sake of argument the figure of 33 million customer’s records. We could assume that virtually all of these are going to try to access the details to confirm whether they are on the list and then we could add in at least a million more suspecting partners that want to check it too. When we add in all the other curious parties, nosy neighbours, suspicious colleagues, the media, other family members etc. due to the trending news agenda, we may well be into the hundreds of millions of people keen to take a look!
Ready and willing victims.
What this means is that there is now a HUGE market with a keen interest and, in some cases a personal interest, in the data. Be in no doubt that this interest will be exploited by cyber criminals predominantly through email Phishing (explained in a previous post) campaigns as well as specially created attack websites.
Thanks to Gary Sharpe for his editorial assistance.