NEW YORK — The Ashley Madison hack is a big reminder to all Web users: If you submit private data online, chances are it will never fully be deleted.
NEW YORK — The Ashley Madison hack is a big reminder to all Web users: If you submit private data online, chances are it will never fully be deleted.
The hackers, who stole the data about a month ago and then posted it online this week, claimed in a statement that part of the reason for the theft was Ashley Madison’s fraudulent promise to fully delete users’ information if they paid the company a $19 fee.
The website — whose slogan is “Life is short. Have an affair” — is marketed to people looking for extramarital relationships. It purports to have about 39 million members.
The hackers said the company failed to delete the information, even though it collected the fees. Toronto-based Avid Life Media Inc., Ashley Madison’s parent company, hasn’t commented on the hackers’ accusation. A company spokesman didn’t respond to multiple emails seeking comment.
It’s virtually impossible to exist in modern society without putting at least some personal information online. Many people can’t get through a day without using the Internet to shop, pay a bill, or check their credit card balance.
People have become accustomed to trusting their most precious personal information to companies. But they also need to know that all of that information is being shared more than they would expect, privacy experts say.
Before you hit “submit,” stop and think before giving up your personal information to any kind of website, said Michael Kaiser, executive director of the National Cyber Security Alliance, an industry-funded group that educates consumers about cybersecurity.
“Personal information is like money, and you don’t just give away your money,” Kaiser says. “In the environment we’re in right now, you have to value it and think about protecting it everywhere you go on the Internet.”
That means taking a look at a website’s business to get an idea of how much they value information security and even asking them about their data retention practices. Banks, which deal in financial information, and large retailers, who have a vested interest in getting people to shop online, are probably safer bets than a dating site.
“Ashley Madison actually charges you to remove your information when you remove your account,” he says. “That’s a big clue about how they feel about your personal information.”
People also need to sometimes take a pass on convenience in the name of online security.
Many consumers like it when e-commerce sites have their credit card and other information on file, or when Web browsers automatically fill in forms with their name, address and other details, says Peter Tyrrell, chief operating officer of the data security firm Digital Guardian. Meanwhile, worries about data theft and loss have prompted companies to back up important information in multiple places.
But both practices increase the likelihood that information could be leaked or shared. And it means that even when a person thinks that their information has been permanently deleted, chances are there are still copies floating around somewhere.
Breaches, whether they be at a major retailer such as Target Corp., a health insurance company such as Anthem Inc., or Ashley Madison, have become so common that people should give some serious thought before putting personal information online, says Caleb Barlow, a vice president at IBM’s security division.