APPS
Notorious cheating hookup site Ashley Madison is back in the news after it was discovered that the site was exposing private, often sexually explicit member photographs to other members without permission.
Discovered by security researchers Bob Diachenko and Matt Svensson, the exposure involves the way Ashley Madison handles member photos that are meant to be viewed privately by members logged into the site. Those photos are secured by a “key” that Ashley Madison shares with a member, say User A, when User B, who owns the photo, agrees to let User A view it. But in a seemingly strange oversight, when User A sends User B their own key, Ashley Madison immediately gives User A the key to User B's photos in return.
In effect, this means that any user signing up to the site, even using multiple accounts, can obtain photographs from any member simply by sending a key linked to their own photos.
The issue, as explained by Diachenko and Svensson, stems from a default setting in each account. Users can opt out, but by default the site shares a member's photos automatically when another member sends their own private photos, even when the member's photos are set to private.
“During testing, less than 1 percent of users revoked their key after it had been given,” Diachenko wrote. “It is our assumption that this means that most users do not understand the impact of this policy. We believe it is far less likely that users who go through the effort to distinguish between public and private photos are ok with any random user seeing their private pictures.”
After being informed of the security risk, Ashley Madison limited the number of daily key exchanges, but its parent company, Avid Life Media, stated that it “does not agree and sees the automatic key exchange as an intended feature.”
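The reciprocal default and the daily limit described above, modeled as an added example that is not from the article, the researchers or Ashley Madison's code. `Member`, `KeyExchange`, `auto_reciprocate` and `daily_limit` are hypothetical names, and the five-member population is constructed; the model compares the reciprocal default, the same default under a daily cap, and an opt-in default where the owner must grant access explicitly.

```python
from dataclasses import dataclass, field

@dataclass
class Member:
    name: str
    auto_reciprocate: bool = True                  # default described in the article
    granted_to: set = field(default_factory=set)   # names holding this member's key

class KeyExchange:
    """Constructed model of the private-photo key exchange (hypothetical names)."""

    def __init__(self, daily_limit=None):
        self.daily_limit = daily_limit      # None = unlimited sends per day
        self.sent_today = {}                # sender name -> keys sent today

    def send_key(self, sender, recipient):
        """Sender shares their key; True if sender gained the recipient's key."""
        used = self.sent_today.get(sender.name, 0)
        if self.daily_limit is not None and used >= self.daily_limit:
            return False                    # daily cap reached: exchange refused
        self.sent_today[sender.name] = used + 1
        sender.granted_to.add(recipient.name)
        if recipient.auto_reciprocate:      # happens without any recipient action
            recipient.granted_to.add(sender.name)
            return True
        return False                        # recipient would have to grant explicitly

def exposed_members(exchange, requester, members):
    """Audit helper: whose private key does the requester hold after one day?"""
    for m in members:
        exchange.send_key(requester, m)
    return sorted(m.name for m in members if requester.name in m.granted_to)

def run_scenarios():
    def population(auto):                   # constructed sample accounts
        return [Member(f"user{i}", auto_reciprocate=auto) for i in range(5)]
    return {
        "default": exposed_members(KeyExchange(), Member("new"), population(True)),
        "rate_limited": exposed_members(KeyExchange(daily_limit=2), Member("new"), population(True)),
        "opt_in": exposed_members(KeyExchange(), Member("new"), population(False)),
    }

if __name__ == "__main__":
    for name, exposed in run_scenarios().items():
        print(f"{name:12} -> {exposed}")
```

In this model the daily cap only reduces how many members are exposed per day; only the opt-in default makes access depend on the photo owner's decision.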
While this is clearly not a good look for the company, it has suffered worse issues. The site was famously hacked in July 2015, with the data from 30 million to 40 million users subsequently making its way online later the same year. That data dump resulted in users being blackmailed, a profitable enterprise for the scammers extorting Ashley Madison users until it ended with both a class action lawsuit and a regulatory action in Canada and Australia.