By Jocelyn Baird, NextAdvisor.com
By now, you've probably heard about the hacking and subsequent release of user information from infamous dating website Ashley Madison (which uses the motto "Life is short, have an affair"). If you aren't in the loop, a group of unknown hackers broke into the website's database and stole the personal and financial information of 32 million users. This data was first posted on the "dark web," which is accessible through a special browser called Tor, but has made its way to the open web, according to CNNMoney. Within a few days of the stolen database being posted online, people associated with many of the exposed accounts were facing extortion at the risk of being outed to family members and colleagues. Victims of this breach are at risk for identity theft, extortion scams and even loss of their lives. As of Monday, Aug. 24, at least one suicide in the U.S. and two in Canada have been linked to the Ashley Madison database leak. Avid Life Media, the website's Toronto-based parent company, is offering $500,000 (Canadian Dollars) to anyone with information that leads to the identification of the hackers.
If I'm not on the list, why should it matter to me?
Whether you are a part of the database or not, this hack could affect you. Millions of e-mail addresses, home addresses, credit cards and other information are contained within the leaked database. Since it was possible for someone to sign up for an account using fake credentials, it's possible that you might be a victim without even realizing it, if your email address was used. Furthermore, home addresses and other personal information which is apt to change hands could put innocent people at risk for being targeted by scammers and identity thieves.
Perhaps the most concerning about this data breach is how much information was accessed -- and how easily it was done. Ashley Madison requires users to provide names, birth dates, addresses and other information, and users must pay to have their information removed from the database. As a result, many people who may not have actually used the website for its intended purpose were still exposed due to their information being retained -- even if they paid to have it removed. Although most other websites don't charge a fee to have your information removed, it's worth examining just how often you give out your contact information to websites without stopping to find out what will be done with it. Since you often can't guarantee your information will be kept safe or deleted when you ask, it's best to adopt a policy of not sharing unless necessary. If you must give an email address, create one specifically for signing up on websites rather than using your personal or, worse, work email.
What dangers are those on the list facing?
And for those who are on the list legitimately, there is an awful lot at stake. According to security blogger Brian Krebs, people whose emails and other information are in the database are being contacted with targeted extortion attacks -- and there may be far worse attacks to come, such as spear-phishing attacks that lock the person's computer and files with malware known as ransomware until payment is received. The currency of choice for most online criminals these days is Bitcoin, and so far the extortion attacks people have seen are requesting money in the form of Bitcoin in exchange for not exposing people.
There is an additional concern that criminals may use the Ashley Madison information to target the government, since more than 15,000 emails ending in ".mil" were part of the leak. This is the top-level email domain used by the U.S. military.
How can I know if I've been part of a data breach?
While the circumstances surrounding the Ashley Madison breach certainly make it unique, it's not the only data breach Americans should be concerned about by a long shot. Although you can sometimes count on receiving a letter or e-mail from a breached company to let you know that your information has been compromised, sometimes you are left in the dark. To help, a security blogger named Troy Hunt created a website called Have I Been Pwned? that people can use as a resource to determine whether or not they've been exposed in a publicly leaked data breach. Simply input your email address or username into the search box, and it will scan to see if that information comes up within any data breaches.
If your information is discovered, the search results will be red and it will tell you which data breaches your information was found in. If your information is not found, a green all clear screen will be shown. While this website is a great resource built by a trusted web security professional, be aware that other people have stolen this idea to try and scam others -- something Hunt discovered recently. It's important to always check web pages thoroughly to determine if they're secure, who created them and whether information you input will be stored or used.
Keeping an eye on your email account for suspicious emails, as well as watching your bank and credit card statements to be sure no unusual activity is occurring can also help you safeguard against identity theft in the wake of data breaches. You can learn more about protecting your identity by following our identity theft protection blog.
This blog post originally appeared on NextAdvisor.com.