A fee to remove personal data?
Burn it down.
Sleazy people running a sleazy service catering to sleazy people? No way!
I thought it was weird that sleazy people would trust the sleazy service to keep their info private.
Iâm having a hard time mustering sympathy here.
Remind me to use a fake name when I go to the doctor next.
So theyâre mad that SOMEBODY ELSE might try to get in on their racket of extorting their customers for moneyâŚ
That data is worth millions of dollars. Imagine all of the suspicious spouses logging into a created site to see if their spouseâs name popped up in the list of users.
Or thatâs what they say anyway.
This situation is going to involve some epic popcorn. Iâll be interested to see if any notable-and-prominent types show up on the client list(the one from their âsugar daddyâ subsite is probably a particularly neat intersection of the great and the good and their sordid passtimes); or whether Sen. Wholesome suddenly develops a (wholly unrelated) interest in the urgency of Shutting Down All The Hackers.
That said, the behavior of the attacker is actually a bit curious; and it makes me wonder what their motive is. Obviously, most any hack involves some level of at least theoretical legal exposure. Hitting a really, really, juicy dataset on the webâs premier adultery solutions provider in the run-up to their rumored IPO is probably going to be good for more than usual. Not the sort of risk you would be well advised to run casually. That said, going public with the existence of the hack and demanding a shutdown seems unlikely to be the option with the highest payoff. If you were going for extortion, you would want to keep it quiet(unless what we are seeing is the âyou didnât take my offer seriously, now what do you say?â phase of negotiations). If you were going to sell the data for spearphishing or individualized blackmail, youâd also want to keep it quiet and let your customers do that.
My assumption would be that somebody inside the organization is feeling particularly burned by them and thus willing to attack directly rather than go for maximum payoff; but I would be interested to see who it is if they do get an ID.
I appreciate the irony, but Iâm a little confused about the hackerâs aims.
It seems that they are upset that Ashley Madison doesnât respect their customersâ desires to be able to safely delete their own data â i.e. that Ashley Madison doesnât treat customersâ privacy well â so theyâre threatening to release all the customerâs data?
It just seems like an odd way to fight for privacy.
Iâve heard about that full-delete option before. Unlike the impression people seem to have of it here I actually think itâs reasonable. Deleting your profile deletes your profile. Full delete reaches into other peopleâs mailboxes and deletes what you sent, also.
Iâve heard of the usual scummy stuff with dead profiles from them but in this particular instance I think they arenât guilty.
I believe the fight is for honesty. As in, the site takes money to delete the info - and then does not delete the info.
They had best get some articles on the site.
[quote=âLorenPechtel, post:12, topic:62070â]
Full delete reaches into other peopleâs mailboxes and deletes what you sent, also.[/quote]
But apparently they werenât doing that, even though they were apparently selling that service. Theyâre going to get their asses sued off. Time for some popcorn, this is going to get good.
Yeah, definitely hard to feel sorry for those being exposedânot because of the implied infidelity (what most people do in their personal lives is none of our business, the exception being hypocritical politicians and the like) but because they were so awe-inspiringly stupid to put their trust in such a site in the first place. This has a real Darwin-awards vibe to it.
Somehow I donât exactly find myself surprised. For-pay dating sites tend to be pretty scummy, if they were selling a service they werenât providing that sounds like class action time. (Although I wouldnât be surprised if thereâs a binding-arbitration/no-class-action clause in their TOS.)
Main lesson- never use the Internet for anything ever.
Itâs pretty scummy if they only claim to delete the data but keep it anyway.
It sounds like the thing theyâre keeping is records from credit card payments made to the site - I suspect thatâs something theyâre not allowed to delete for some number of years, lest they be unable to respond to an IRS audit.
So, theyâve deleted all traces of your profile in the application itself, great - but since they donât have any non-adultery-related properties for which they might have been taking payment, thereâs no useful plausible deniability about how your credit card data got in their financial records,
(EDIT - right, itâs an Internal Revenue Service, not an AgencyâŚ)