It’s tempting to say ALL websites need strong data protection, but it’s clear that some simply demand more robust protection. Your bank website is one. The IRS is another. On any Top 5 list, you’d probably expect to see dating websites that store highly sensitive preferences, but if recent hacks are any indicator, it’s time to rethink those expectations.
In 2015, Ashley Madison, a site that billed itself as a 100% discreet service for affairs, experienced a major hack that triggered highly undesirable repercussions. Divorces, job losses, the resignation of its CEO and multiple suicides were attributed to the hack.
Now data regulators in Canada and Australia have zeroed in on the company for what they label “inadequate security safeguards” that let hackers compromise data on over 30 million members.
“Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable. This is an important lesson all organizations can draw from the investigation,” said Privacy Commissioner of Canada Daniel Therrien in releasing his agency’s investigation results.
The report added that the company improperly retained data from accounts that had been deleted by users and that the Ashley Madison site was full of fake security assurances.
“Investigators found that at the time of the breach, the home page of the Ashley Madison website included various trustmarks suggesting a high level of security, including a medal icon labeled ‘trusted security award.’ (Company) officials later admitted the trustmark was their own fabrication and removed it.”
Evidently, the Ashley Madison lesson hasn’t been properly heeded by other risqué websites. The latest to be compromised is the porn website Brazzers. Its Brazzers Forum has been down for over a week since news of the compromise surfaced. It appears that this breach could date back to 2012; users of both brazzers.com and brazzersforum.com hopefully did not use identical login passwords on both sites.
Haveibeenpwned.com is the best place to check whether your email address turns up in breaches like these. Troy Hunt, a well-regarded and selfless security researcher, provides the site as a public service. Calling these breaches highly sensitive, Hunt imposed some privacy protections of his own after the huge Ashley Madison debacle. You can only search for your own email address on his list; checking for friends or lovers involved in these sensitive data breaches is off limits.
Hunt estimates that over 790,000 different Brazzers users were swept up in the breach. Another recent breach deemed sensitive is social media site Badoo. Hunt lists that June 2016 Badoo report as potentially impacting 112 million users. That makes it one of the Top 10 in history.
So what lessons have been learned? Clearly, it’s wrong to trust websites with your sensitive data because the pattern of data security neglect is clear. Some users have created throwaway email addresses for more sensitive online accounts. Others will just think twice before registering those accounts. The one lesson that stands out clearly is that no website—no matter how private the information they request—is as concerned about protecting your personally identifiable details as you must be.