37 million users have had their most sensitive details harvested in the latest Ashley Madison hack. A team named the “Impact team” claimed responsibility for the attack however there is no clear knowledge yet as to how the attack was performed. Some of the data was immediately published online by the hackers, however ALM (The Toronto based company which owns the website amongst other websites of similar nature) were able to take down the links/websites pointing to the stolen data.
A few interesting points in this attack:
Based on ALM’s statement they have always used top security solutions from around the world to protect their user’s data. If this statement is true it would be very interesting and crucial for other organizations to find out how the hackers were able to infiltrate the layers of security. Was there a zero day vulnerability exploit? Was it an insider job or perhaps a piece of insecure source code that made it through to the live environment and exposed the whole system.
All too often organizations invest a lot in securing their network layer with firewalls and intrusion detection systems however if the application code is not validated for vulnerabilities and the application goes live with vulnerable code, a hack with potentially devastating impact is inevitable.
ALM have released the following announcement:
We were recently made aware of an attempt by an unauthorized party to gain access to our systems. We immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.”
“We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.”
“We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.”
“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible.”
“Avid Life Media has the utmost confidence in its business, and with the support of leading experts in IT security, including Joel Eriksson, CTO, Cycura, we will continue to be a leader in the services we provide. “I have worked with leading companies around the world to secure their businesses. I have no doubt, based on the work I and my company are doing, Avid Life Media will continue to be a strong, secure business,” Eriksson said.”
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.