Shortly after hackers posted account details and logins for more than 30 million AshleyMadison.com members this week, the debate began: Were the hackers right to target the cheating site for its questionable morals? Or is the Ashley Madison hack just the latest example of criminals breaking the law to push their own agenda? But as arguments continue over whether Ashley Madison and its members deserved to be exposed, this latest high-profile data breach raises as many questions about corporate ethics as it does about the hackers'.
In addition to the site's promotion of questionable morality, the Ashley Madison hackers objected to the business practices of the site's owner, Avid Life Media Inc. Leaked documents show Ashley Madison made $1.7 million in additional revenue last year by charging users to erase their profiles and "remove all traces of [their] usage" -- a feature the hackers claim was ineffective.
"If it isn't already plainly obvious to companies, what they do and how they act has an influence on whether or not they draw the attention of hacktivists and vigilantism," said Adrian Sanabria, senior security analyst at 451 Research LLC, based in New York.
Sanabria pointed to Sony as one organization that learned this lesson the hard way. The hacktivist threat to corporations has given rise to new services. In an attempt to nip these problems in the bud, vendors have begun offering services to help organizations gauge public opinion about their companies and brands.
"There are also companies focused on just identifying bad actors actively planning to attack a company or brand," Sanabria said. "The idea is to put a stop to such campaigns before they get off the ground, but maintaining this level of visibility can be a lot of work and expense."
Fake user profiles and email addresses?
Questions have also been raised about the veracity of the information contained in the user profiles published on the Ashley Madison site, further putting the company's business practices under the microscope. In a statement explaining their actions, Ashley Madison hackers pointed to a case where a former worker said she wrote thousands of fake profiles for women. Hackers also claimed that more than 90% of Ashley Madison users were actually male.
Email addresses that members used for their profiles were not verified by Avid Life Media either, allowing some to set up fake addresses or use legitimate ones of unsuspecting individuals.
"There is no validation of the email addresses. There is the case of the worker that sued them for writing fake profiles for women. The reality is very different from what the company claims," Young said.
Hacks remain common, while privacy wanes
And while the moral and ethical outrage surrounding the Ashley Madison hack gets the majority of the headlines, some say it distracts from the real issue: the assault on consumer privacy and a business's apparent inability to safeguard data privacy.
"This is not about moral judgments. It is about a hacker group that obtained and published data illegally, and a company that was unable to protect its users' data," said Raul Castanon-Martinez, enterprise mobility and cloud analyst at 451 Research.
Nor do businesses seem to be able to learn from past mistakes. Despite the numerous data breaches affecting millions of consumers in recent years, hacks like the one on Ashley Madison are still common. Young noted that every piece of information a person puts on the Internet -- whether it's health information, political activities, hobbies or online purchases -- is attackable and can be exposed by hackers. This forces companies -- and their customers -- to be much more accountable than they have been of late when it comes to online information protection.
"Overall, it just highlights how vulnerable everything is -- things are worse now than they have ever been from a protective standpoint," Young said. "All of this stuff is attackable now, there is a history to it and you really have to think about privacy."
CIO news roundup for week of Aug. 17
- Amazon is the most valuable retailer in the country, and prides itself on its ability to push workers to achieve the company's lofty goals. But do its data-driven motivation tactics go too far?
- Target Corp. has reached a settlement with Visa over the 2013 data breach that compromised the private data of millions of Black Friday shoppers. Target will pay up to $67 million to Visa and its card issuers for the breach, which also resulted in the resignation of several top Target executives.
- Are the days of slacking off at work gone forever? New, data-crunching workplace technology is giving employers new tools to monitor workers' efforts, help them focus, motivate them and even make sure they show up on time.
- Shares of Tesla Motors surged this week after a Morgan Stanley analyst note said the electric car company's stock could nearly double in value. Experts said the note showed Tesla's leadership potential in the self-driving vehicle market.