In this day and age it’s ridiculous how frequently large organizations are falling prey to SQL Injection (SQLi) which is almost totally preventable as I’ve written previously. If I’ve missed something you’re aware of please let me know in the comments at the bottom of the page. For some simple tips see the OWASP SQL Injection Prevention Cheat Sheet.
On 18 and 20 August, the group leaked more than 25 gigabytes of company data, including user details.
Because of the site's policy of not deleting users' personal information – including real names, home addresses, search history and credit card transaction records – many users feared being publicly shamed.
The Impact Team announced the attack on 15 July 2015 and threatened to expose the identities of Ashley Madison's users if its parent company, Avid Life Media, did not shut down Ashley Madison and its sister site, "Established Men".
"At this time, we have been able to secure our sites, and close the unauthorized access points.
Carolyn Gregoire argued that "Social media has created an aggressive culture of public shaming in which individuals take it upon themselves to inflict psychological damage" and that more often than not, "the punishment goes beyond the scope of the crime." Charles J.
Orlando, who had joined the site to conduct research concerning women who cheat, said he felt users of the site were anxious the release of sexually explicit messages would humiliate their spouses and children.He wrote it is alarming "the mob that is the Internet is more than willing to serve as judge, jury, and executioner" and members of the site "don’t deserve a flogging in the virtual town square with millions of onlookers." Users whose details were leaked are filing a 7 million class-action lawsuit against Avid Dating Life and Avid Media, the owners of Ashley Madison, through Canadian law firms Charney Lawyers and Sutts, Strosberg LLP.The remaining were used only one time, the day they were registered.We are working with law enforcement agencies, which are investigating this criminal act.Any and all parties responsible for this act of cyber-terrorism will be held responsible.Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online." with a PGP key.