Avid Life Media announced that CEO Noel Biderman has stepped down, following the company's embarrassing public data breach.
Senior management will be responsible for day-to-day operations of the company until a permanent replacement can be identified. It's going to be a confusing time for Avid Life Media, after a "criminal intrusion" by unknown hackers that reportedly occurred over years.
"This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees," Ashley Madison noted in a statement. "We are steadfast in our commitment to our customer base."
Almost 45 percent of Americans have suffered from a cyberattack targeting sensitive health information, according to a recent iSheriff white paper.
It has been an absolutely atrocious year for healthcare data breaches, with the likes of Anthem, Premera, CareFirst, and UCLA Health Systems suffering breaches - totaling a whopping 143 million patient records.
"When more than forty percent of the US population has been a victim of a data security breach, we must recognize this is an epidemic that can and will hit any healthcare provider," said Paul Lipman, CEO of iSheriff. "These breaches not only cost time and money, they risk compromised medical records that could impact health diagnoses and outcomes. Cybercrime is the new healthcare crisis."
Avid Life Media, the operator of Ashley Madison, is facing multiple lawsuits following a massive data dump that included around 37 million records.
"I'd be surprised if you get a lot of traction here," said Scott Vernick, partner and head of data security and privacy at the Fox Rothschild LLP law firm, in a statement published by the Associated Press. Even with the data finding its way from the dark web to the regular Internet, trying to win lawsuits against breached companies doesn't tend to end up well for plaintiffs.
A Canadian law firm recently filed a $578 million class-action lawsuit on behalf of Ashley Madison users, and there are at least four active lawsuits against Avid Life in the United States. One was filed in Missouri, one was filed in Texas, and two others were filed in California - and all have anonymous plaintiffs listed.
Text passwords are a thing of the past, or at least they should be, according to recently released findings from a LaunchKey survey. While 46% of users stated that they had more than 10 passwords to keep track of, a massive 84% further claimed that they would rather remove passwords altogether.
Obviously some form of protection must be added, with experts pointing towards authentication-style security being the way to go. This will help eliminate user-centered issues such as 77% of the surveyed population stating they often forget passwords, followed by a common trend of constantly changing passwords being a serious annoyance.
LaunchKey CEO Geoff Sanders agrees, stating in a recently issued press release that "the future of authentication is free from traditional passwords," adding "We must remove the vulnerability and liability that passwords have created while implementing more secure authentication methods that account for an evolving and diversified landscape of use cases, end users and threats."
Cybersecurity firm Symantec has stepped up and announced it is keeping more than one billion Internet of Things (IoT) devices secure, providing enhanced security for connected TVs, vehicles, critical infrastructure, smart meters, and more.
The Symantec Unified Security Strategy utilizes its Embedded Critical Systems Protection for device security, IoT roots of trust and device certificates, and code signing certificates and secure app services. It's an important goal as there are expected to be more than 25 billion 'Things' by 2020, with that number increasingly growing.
Even though more manufacturers are interested in IoT, trying to keep these newly-connected Things secure will be difficult. Cybersecurity experts have shown concern related to lax security practices that could open up new avenues of cybercrime by hackers.
Avid Life Media is still trying to deal with a major PR disaster after The Impact Team breached Ashley Madison, and the company has offered up a $500,000 CAD ($377,000) bounty.
"You know The Impact Team has crossed the line," said Bryce Evans, acting staff superintendent of the Toronto Police, during a Monday morning press conference. "This hack is one of the largest data breaches in the world. The social impact behind this leak, we're talking about families, we're talking about children, we're talking about wives, we're talking about their male partners. It's going to have impacts on their lives... this is affecting all of us."
Evans also asked for the hacking community to "do the right thing" and help Avid Life Media and the police identify the hackers. Even if members of The Impact Team are identified, however, trying to bring them to justice could be extremely difficult - depending where they are located in the world.
After the Ashley Madison data dump, which featured more than 33 million accounts, it was no surprise that the fallout would ensnare plenty of people that would need to explain themselves. One political leader already claimed he used the site for "opposition research," and now Florida State Attorney Jeff Ashton publicly apologized after his name was discovered on Ashley Madison.
Ashton described his decision to sign up for Ashley Madison as a "bad, childish, stupid error" and said he "did not commit a crime" by using the site. Ashton claims he typically logged in using a personal laptop and through public Wi-Fi networks. He reportedly didn't meet anyone via the site, and didn't have an affair.
"While I indulged my curiosity about the site it never went beyond that," Ashton said during a press conference. "These were incredibly stupid choices." In addition, Ashton won't step down and plans to return to work: "I think I've humiliated myself enough for one weekend. Tomorrow morning I go back to work."
Avid Life Media and Avid Dating Life are not going to have a fun time following the fallout of Ashley Madison's data being publicly dumped to the Internet. Thousands of Canadians had their privacy violated following the breach, which included personal names, email addresses, home addresses, and message history - and the lawsuits are going to roll in.
Charney Lawyers and Sutts, Strosberg LLP filed a $578 million class-action lawsuit on behalf of Ashley Madison members located in Canada. The lawyers won't try to include the Impact Team in the class-action lawsuit, as seeking damages from a foreign-based hacker group would be difficult.
"Numerous former users of AshleyMadison.com have approached the law firms to inquire about their privacy rights under Canadian law," the law firms said. "They are outraged that AshleyMadison.com failed to protect its users' information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed."
Louisiana GOP Executive Director Jason Doré confirmed his name was one of millions exposed in the Ashley Madison data dump.
The Republican Party statewide director used his full name and former personal credit card billing address, but claims he was doing a bit of research for his Doré Jeansonne law firm:
"As the state's leading opposition research firm, our law office routinely searches public records, online databases and websites of all types to provide clients with comprehensive reports," Doré told The Times-Picayune. "Our utilization of this site was for standard opposition research. Unfortunately, it ended up being a waste of money and time."
DARPA wants to help develop new solutions to defend against distributed denial of service (DDoS) attacks, with foreign cybercriminals launching large volumes of attacks against US military and government targets.
The Extreme DDoS Defense (XD3) program aims to provide a DDoS countermeasure system that is able to identify incoming attacks and help defend networks. Depending on the attack sophistication, DARPA wants to have a response time of 10 seconds or less - a difficult challenge, but an important one that could be used in the private sector and by the government/military.
"In general, the program aims to thwart DDoS attacks by dispersing cyber assets (physically and/or logically), disguising the characteristics and behaviors of those assets, and mitigating the attacks (especially low-volume attacks) that still penetrate the targeted environment," according to the DARPA Broad Agency announcement, asking for applicants.