Ashley Madison:
Lessons (to be) Learned
Per Thorsheim
Security Adviser
@thorsheim
Article 12:
“No one shall be subjected to arbitrary interference with
his privacy, family, home or correspondence, nor to
attacks upon his honour and reputation. Everyone has the
right to the protection of the law against such interference
or attacks.”
The Universal Declaration of Human Rights,
United Nations
About Ashley Madison
Ashley Madison hacked
July 15
The threat
Data Dumps Online
Number of traveling man purchases.docx
SQL queries to investigate high-travel user's purchases.
q2 2013 summary compensation detail_managerinput_trevor-s team.xlsx
Per-employee compensation listings.
AVIDLIFEMEDIA (primary corporate domain) user information and hashes.txt
Noel's loan agreement.pdf
A promissory note for the CEO to pay back ~3MM in Canadian monies.
Areas of concern - customer data.docx
Appears to be a risk profile of the major security concerns that ALM has regarding their customer's data. And yes, a major user data
dump is on the list of concerns.
A listing of all ALM associated bank account numbers and the biz which owns them.
Rev by traffic source rebill broken out.docx
Rebill Success Rate Queries.docx
Copies of Option Agreements.pdf
All agreements for what appears all of the company's outstanding options.
paypal accounts.xlsx
Various user/passes for ALM paypal accounts (16 in total)
ARPU and ARPPU.docx
A listing of SQL commands which provide revenue and other macro financial health info.
TL;DR :
• The leak contains lots of source code (nearly
3M lines of code according to sloccount)
• 73 different git repositories are present
• Ashley Madison used gitlab internally
• The 13GB compressed file which could contain
AM CEO’s emails seems corrupted. Is it a fake
one?
• The leak contains plain text or poorly hashed
(md5) db credentials
Media
9,000+ articles – and counting….
Password analysis
Password     Passwords found
123456       202
password     105
12345        99
qwerty       32
12345678     31
ashley       28
baseball     27
abc123       27
696969       23
111111       21
football     20
fuckyou      20
madison      20
asshole      19
superman     19
fuckme       19
hockey       19
123456789    19
hunter       18
harley       18
Statements from Avid Life Media
We immediately launched a thorough investigation
We apologize
No company’s online assets are safe from cyber-vandalism
Despite investing in the latest privacy and security technologies.
We have always had the confidentiality of our customers’ information foremost in our minds
We have been able to secure our sites, and close the unauthorized access points.
July 20, 2015
#2, July 20, 2015
Using the Digital Millennium Copyright Act (DMCA), our team has now successfully
removed the posts related to this incident as well as all Personally Identifiable
Information (PII) about our users published online. We have always had the
confidentiality of our customers’ information foremost in our minds and are pleased
that the provisions included in the DMCA have been effective in addressing this
matter.
August 18, 2015
No current or past members’ full credit card numbers were stolen
from Avid Life Media. Any statements to the contrary are false. Avid
Life Media has never stored members’ full credit card numbers.
…. BUT ALL OUR MEMBERS' MOST INTIMATE SEXUAL PREFERENCES
ARE FULLY AVAILABLE ONLINE FOR FREE, FOR ANYONE TO READ!
Effective today, Noel Biderman, in mutual agreement with the
company, is stepping down as Chief Executive Officer of Avid Life
Media Inc. (ALM) and is no longer with the company.
August 28, 2015
CEO
Search sites
Scams
Suicide
Two individuals associated with the leak of
Ashley Madison customer details are reported
to have taken their lives, according to police in Canada.
Ashley Madison's Canadian parent company Avid Life
Media is offering a C$500,000 (£240,000) reward for
information on the hackers, they added.
Police have set up a Twitter account, @AMCaseTPS,
and hashtag, #AMCaseTPS, in a bid to gather
information about the hack from members of the public.
Hunting Hackers
«If they only did as we ….»
Oh, really?
No HTTPS =
No Security
No Privacy
Account enumeration =
Security design weakness
Profiteering
http://www.troyhunt.com/2015/08/heres-what-ashley-madison-members-have.html
Questions for Ashley Madison
Current Terms and Services @ Ashley Madison (September 2015):
However, in the terms and services of the site, it explicitly warns would-
be cheaters that many users of the site subscribe “for purely
entertainment purposes”. It continues:
“You acknowledge and agree that any profiles of users and Members, as
well as, communications from such persons may not be true, accurate or
authentic and may be exaggerated or based on fantasy. You
acknowledge and understand that you may be communicating with such
persons and that we are not responsible for such communications.”
February 2015: Terms and Services @ Ashley Madison:
“The profiles we create are not intended to resemble or mimic any actual
persons. We may create several different profiles that we attach to a
given picture. You understand and acknowledge that we create these
profiles and that these profiles are not based on or associated with any
user or Member of our Service or any other real person. You also
acknowledge and agree that the descriptions, pictures and information
included in such profiles are provided primarily for your amusement and
to assist you navigate and learn about our Site. As part of this feature,
the profiles may offer, initiate or send winks, private keys, and virtual
gifts. Any one of these profiles may message with multiple users at the
same or substantially the same times just like our users.
Our profiles message with Guest users, but not with Members. Members
interact only with profiles of actual persons. Guests are contacted by our
profiles through computer generated messages, including emails and
instant messages. These profiles are NOT conspicuously identified as
such.”
1. How many actual users did it have?
2. Did it make fake accounts?
3. Was it aware of prostitution on the site?
4. It promised security to its customers. What did it
do to ensure this?
5. Its CEO said the leak was an inside job. What
made him think that? Has he changed his mind?
6. Why did the «full delete» not fully delete a
customer’s profile? Why did it keep location
information for a fully deleted account?
7. Given it took card payments for a full delete,
why didn’t it make clear that payment
information has to be retained?
8. Why didn’t it disclose the hack to customers as
soon as it happened? Why did they have to find
out from the press?
9. Why did it make a specific, narrow denial about
storing card numbers?
10. Why is it still implying the leak is not real?
The Law
is changing for the better.
37 565 000
Over 42 195 000 anonymous members!
¯_(ツ)_/¯
Article 12:
“No one shall be subjected to arbitrary interference with
his privacy, family, home or correspondence, nor to
attacks upon his honour and reputation. Everyone has the
right to the protection of the law against such interference
or attacks – even members of Ashley Madison.”
The Universal Declaration of Human Rights,
United Nations
PasswordsCon.org
University of Cambridge, December 7-9, 2015
per@godpraksis.no
www.godpraksis.no
+47 90 99 92 59
@thorsheim

 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 

Recently uploaded (20)

Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"Mattingly "AI & Prompt Design: Large Language Models"
Mattingly "AI & Prompt Design: Large Language Models"
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Scientific Writing :Research Discourse
Scientific  Writing :Research  DiscourseScientific  Writing :Research  Discourse
Scientific Writing :Research Discourse
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptxUnraveling Hypertext_ Analyzing  Postmodern Elements in  Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
31 ĐỀ THI THỬ VÀO LỚP 10 - TIẾNG ANH - FORM MỚI 2025 - 40 CÂU HỎI - BÙI VĂN V...
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleMulti Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP Module
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 

QA Fest 2015. Per Thorsheim. Lessons learned: When the worlds largest dating site got hacked

  • 1. Ashley Madison : Lessons (to be) Learned Per Thorsheim Security Adviser @thorsheim
  • 2. Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” The Universal Declaration of Human Rights, United Nations
  • 16. Number of traveling man purchases.docx
    SQL queries to investigate high-travel user's purchases.
    q2 2013 summary compensation detail_managerinput_trevor-s team.xlsx
    Per-employee compensation listings.
    AVIDLIFEMEDIA (primary corporate domain) user information and hashes.txt
    Noel's loan agreement.pdf
    A promissory note for the CEO to pay back ~3MM in Canadian monies.
    Areas of concern - customer data.docx
    Appears to be a risk profile of the major security concerns that ALM has regarding their customer's data. And yes, a major user data dump is on the list of concerns.
    A listing of all ALM associated bank account numbers and the biz which owns them.
    Rev by traffic source rebill broken out.docx
    Rebill Success Rate Queries.docx
    Copies of Option Agreements.pdf
    All agreements for what appears all of the company's outstanding options.
    paypal accounts.xlsx
    Various user/passes for ALM paypal accounts (16 in total)
    ARPU and ARPPU.docx
    A listing of SQL commands which provide revenue and other macro financial health info.
  • 17. TL;DR :
    • The leak contains lots of source code (nearly 3M lines of code according to sloccount)
    • 73 different git repositories are present
    • Ashley Madison used gitlab internally
    • The 13GB compressed file which could contain AM CEO’s emails seems corrupted. Is it a fake one?
    • The leak contains plain text or poorly hashed (md5) db credentials
  • 18. Media
  • 24. 9,000+ articles – and counting….
  • 30. Statements from Avid Life Media
  • 31. We immediately launched a thorough investigation
    We apologize
    No company’s online assets are safe from cyber-vandalism
    Despite investing in the latest privacy and security technologies.
    We have always had the confidentiality of our customers’ information foremost in our minds
    We have been able to secure our sites, and close the unauthorized access points.
    July 20, 2015
  • 32. #2, July 20, 2015 Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online. We have always had the confidentiality of our customers’ information foremost in our minds and are pleased that the provisions included in the DMCA have been effective in addressing this matter.
  • 33. August 18, 2015
    No current or past members’ full credit card numbers were stolen from Avid Life Media. Any statements to the contrary are false. Avid Life Media has never stored members’ full credit card numbers.
    …. BUT ALL OUR MEMBERS’ MOST INTIMATE SEXUAL PREFERENCES ARE FULLY AVAILABLE ONLINE FOR FREE, FOR ANYONE TO READ!
  • 34. Effective today, Noel Biderman, in mutual agreement with the company, is stepping down as Chief Executive Officer of Avid Life Media Inc. (ALM) and is no longer with the company. August 28, 2015
  • 35. CEO
  • 45. Scams
  • 48. Two individuals associated with the leak of Ashley Madison customer details are reported to have taken their lives, according to police in Canada. Ashley Madison's Canadian parent company Avid Life Media is offering a C$500,000 (£240,000) reward for information on the hackers, they added. Police have set up a Twitter account, @AMCaseTPS, and hashtag, #AMCaseTPS, in a bid to gather information about the hack from members of the public.
  • 54. «If they only did as we ….» Oh, really?
  • 55. No HTTPS = No Security No Privacy
  • 64. Current Terms and Services @ Ashley Madison (September 2015): However, in the terms and services of the site, it explicitly warns would-be cheaters that many users of the site subscribe “for purely entertainment purposes”. It continues: “You acknowledge and agree that any profiles of users and Members, as well as, communications from such persons may not be true, accurate or authentic and may be exaggerated or based on fantasy. You acknowledge and understand that you may be communicating with such persons and that we are not responsible for such communications.”
  • 65. February 2015: Terms and Services @ Ashley Madison: “The profiles we create are not intended to resemble or mimic any actual persons. We may create several different profiles that we attach to a given picture. You understand and acknowledge that we create these profiles and that these profiles are not based on or associated with any user or Member of our Service or any other real person. You also acknowledge and agree that the descriptions, pictures and information included in such profiles are provided primarily for your amusement and to assist you navigate and learn about our Site. As part of this feature, the profiles may offer, initiate or send winks, private keys, and virtual gifts. Any one of these profiles may message with multiple users at the same or substantially the same times just like our users. Our profiles message with Guest users, but not with Members. Members interact only with profiles of actual persons. Guests are contacted by our profiles through computer generated messages, including emails and instant messages. These profiles are NOT conspicuously identified as such.”
  • 66.
    1. How many actual users did it have?
    2. Did it make fake accounts?
    3. Was it aware of prostitution on the site?
    4. It promised security to its customers. What did it do to ensure this?
    5. Its CEO said the leak was an inside job. What made him think that? Has he changed his mind?
    6. Why did the «full delete» not fully delete a customer’s profile? Why did it keep location information for a fully deleted account?
    7. Given it took card payments for a full delete, why didn’t it make clear that payment information has to be retained?
    8. Why didn’t it disclose the hack to customers as soon as it happened? Why did they have to find out from the press?
    9. Why did it make a specific, narrow denial about storing card numbers?
    10. Why is it still implying the leak is not real?
  • 67. The Law is changing for the better.
  • 70. Over 42 195 000 anonymous members!
  • 73. Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks – even members of Ashley Madison.” The Universal Declaration of Human Rights, United Nations