TORONTO – It’s a bad time to be an Ashley Madison user.
Over the last week, hackers have released a treasure trove of once-confidential user data from the affair facilitating website, allegedly containing account details and log-ins for some 32 million users.
Suddenly, any email that appears in the leaked database is under scrutiny. One of the biggest problems is that Ashley Madison didn’t require users to verify their email addresses when they signed up for the service – which means you could have used any email to sign up.
Already some users have come forward saying their email is on the list, but insist they never used the service.
And whether those accounts were made with the intent to cheat, with the consent of a spouse or partner, out of curiosity, as a gag, or as an attempt smear someone’s name, is hard to prove.
But, as with most things on the Internet, the impact on that person’s offline life can be huge.
The Ashley Madison data leak may be the most recent example of why we should start taking our online privacy more seriously – but it’s not the first.
Over the last year, we’ve seen high-profile data leaks stem from the Sony Pictures hack, ‘The Fappening’, the Target credit card breach and the Heartbleed bug. And each time a new breach is reported, we are inundated with information and articles on how to protect ourselves.
Yet most privacy and security experts will still argue that the average web user is lazy when it comes to protecting their information.
In fact, a 2014 survey done by IT solutions provider EMC found that Canadians were less likely than their global counterparts to trade privacy for online convenience.
At the time, the survey found 56 per cent of Canadians had been personally affected by a data breach – two per cent higher than the global average. But only 31 per cent said they change their passwords regularly.
Speaking of passwords – you would think something like the Heartbleed bug would be a wakeup call for those using weak passwords. But, according to password management company SplashData, the top three worst passwords of 2014 were “123456,” “Password,” and “12345.”
Will our behaviour change?
Now that the alleged intimate details of people’s love lives are being shared all over the web – will we finally start taking online privacy more seriously?
“I would compare it to any other news or any other incident that happens to someone – it’s really fresh right now and people are thinking, “Oh yeah I really should be aware of this.” But the more it happens the more accustom we become to it – the faster it returns to normal.”
Rau said a lot of it comes back to human nature – those who haven’t been affected by a data leak assume that it won’t happen to them.
Businesses should be held accountable
Privacy expert and professor at the University of Toronto Andrew Clement agrees that people’s behaviours are unlikely to change after the Ashley Madison leak – but notes that the onus doesn’t fall entirely on the user.
“Part of the problem is that the media like to ride on these scandals and imply, as your question does, that it is people’s behaviour that needs to change, while largely letting off the organizations, both public and private, off the hook.”
Ashley Madison was known to brag about its security features prior to this breach. Part of its core advertising to users was the guarantee of a discreet and confidential service. On the website’s homepage, it features a badge for a “trusted security award.”
After hackers initially targeted the site in July, a statement from Ashley Madison’s parent company Avid Life Media read, “We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place.”
But, as Mashable reporter Christina Warren pointed out, companies like Avid Life Media don’t have much incentive to follow through with those security promises.
“When a car company issues a major recall, there are often punitive fines associated too. In the past, automakers have been accused of not fixing major structural or safety defects because it would cost more than a recall. Regulators now materially punish automakers that make those kinds of decisions,” Warren wrote in an article published Thursday.
“We don’t have that kind of accountability when it comes to digital safety, but we should.”
For this reason, much of our own control over our privacy is out of our hands. While we have the ability to protect ourselves by controlling what information we hand over to organizations, it’s up to the organization to protect that information.
“It is extremely difficult for individuals to assess the actual risks,” Clement said. “As long as organizations feel they can get away with taking advantage of this, the dynamic will continue.”