Breach of adultery site chills IPO
With enough determination, hackers could compromise just about any online dating or hookup service the way they targeted Canadian adultery website AshleyMadison. com, a cybersecurity expert says.
“These things are very doable,” says Brian Bourne, co- founder of the Canadian information technology security conference SecTor. “I’m never surprised. Sometimes I’m surprised by how long it takes.”
On Sunday, the blog KrebsOnSecurity reported that a group of hackers calling themselves The Impact Team had gained access to the site’s data on users, threatening to post names, nude photos and credit card information unless Ashley Madison and affiliated site Established Men were shut down. In a series of statements released Monday, Ashley Madison’s Torontobased parent company, Avid Life Media, confirmed its systems had been breached, saying it had removed any information published online that may have identified users.
This is the second time in two months a prominent online dating site has been compromised. In May, hackers leaked information about users of the hookup site Adult Friend Finder, including their email addresses.
The married people seeking affairs on Ashley Madison may be more interested in discretion than the average online dater, but the hack exposes a vulnerability in the growing industry — even users of services like Tinder would not be happy about their flirty messages and racy photos being made available to their bosses and mothers — and threatens an increasingly hot sector for IPOs.
According to a report from Pew Research in 2013, 11 per cent of adult Internet users have tried online dating, trusting apps and websites with their photos and intimate personal information. These users now make up threequarters of the $ 2.4 billion US dating services industry, which has grown at a rate of five per cent per year since 2010.
Ashley Madison and Match Group, the subsidiary of IAC/ InterActiveCorp that owns popular dating sites such as Tinder, OK Cupid and recently bought Plenty of Fish for $ 575 million, are both planning initial public offerings.
Mark Brooks, principal consultant at the online dating industry advisory firm Courtland Brooks, says he would now be surprised if Avid Life goes ahead with its IPO on schedule. In April, the company said it intends to raise up to $ 200 million US on the London Stock Exchange, but has yet to file a prospectus.
“Their key value is privacy. They’ve failed at a key value,” Brooks says. “Their IPO is definitely going to be affected ... I can’t imagine they’ll proceed with it. They’re not going to achieve full market valuation.”
Brooks says he’s hopeful the hack will have little effect Match Group’s IPO, however. Match’s portfolio of online dating services is much tamer and more conventional.
Still, the infiltration of Ashley Madison revealed not only a weakness in protecting active users but those who had taken their accounts off- line — hackers said Avid Life had accepted fees from users who wanted their accounts fully deleted, but kept the data without their knowledge.
The company denied the charge, referring to the hack as an “act of cyberterrorism” and saying it was making the full- delete option available to all users.
But Bourne says scrubbing a system of every single trace of a user is very hard to do. “In practice, it’s extremely difficult if not impossible.”
Sarah Turk, an analyst for IBIS-World, doesn’t think this will scare consumers away from online dating sites.