Experts weigh in on the likely fallout of the cyberattack.
Ashley Madison, a dating site for those seeking an extramarital affair, is but the latest victim in a series of mega hacks that have dominated cybersecurity headlines for the past few years.
The hackers responsible are known as The Impact Team, and according to the site’s owners Avid Life Media are probably known to the firm.
In other words, it appears the hack is a classic example of insider threat. But what does it teach us about how we should reform our security practices? CBR asked the experts, and this is what they said:
1) Hack is akin to leak that cost Morrisons £2m
Insider threat is not a new phenomenon in cybersecurity, and has recently been flagged by a court case which revealed that Andrew Skelton, an IT auditor at Morrisons, leaked data from the grocer in an apparent act of revenge, costing it some £2m to fix.
Dave Palmer, director of technology at security firm Darktrace, drew comparisons between the Morrisons attack and that on Ashley Madison, adding that both attacks provided evidence that it was "psychologically quite a big leap" to go from protecting against outsiders to protecting against insiders.
2) Intimate data on sex has exacerbated firm’s risk
As those familiar with the UK data regulator the Information Commissioner’s Office will know, not all information is equally harmful in a breach. In the case of Ashley Madison it is not just payment info or identity data that has been lost, but also information on sexual preferences.
As John Smith, principal solution architect at security vendor Veracode, said: "The secretive nature of Ashley Madison and its especially intimate customer information means that this breach is particularly worrying to the site’s subscribers."
3) Attack proves that any company can become a target
With this hack Ashley Madison has joined the unenviable ranks of those that have publicly admitted being attacked, which includes the likes of grocers such as Target, Internet firms like eBay and even technology giants like Sony.
"There are a number of reasons why a company could become the victim of this kind of attack, such as financial, political or as appears to be the case here, ethical," said Marta Janus, security researcher at Kaspersky Lab. "What is important is that companies understand that anyone can be targeted by cybercriminals."
4) Brand damage will be among the biggest losses
Ashley Madison describes itself as a "discreet" dating site with 37 million "anonymous" users – marketing that demonstrates the importance of secrecy to the firm’s reputation and ability to entice customers to the service.
Noting that mega breaches can constitute "major damage to the brand", Roy Katmor, chief executive of data security firm enSilo said: "A breach at a company where customers rely on their discretion, which is the case here, means that these type of attacks can even threaten [the company’s] very own existence."
5) Users should be careful in the wake of an attack
Whilst the company attracts much of the attention in a large breach, just as affected are the customers of the firm, which in this case have more cause than most to be embarrassed and not seek out advice in its wake.
Tod Beardsley, security engineering manager at Rapid7, said: "As uncomfortable as it might be, Ashley Madison users are encouraged to examine their password-reuse habits, consider more robust password generation and storage practices, and treat with suspicion any communication that appears to come from the compromised service."