Lindsay Dodgson reports: If you sign up to Ashley Madison, you don’t have to think about what you’re doing as cheating, but “outsourcing your sex life.” “In 2018 we expect our life partners are going to be everything to us — they’ve got to be my best friend, they’ve got to be sexually compatible, they have to be great at coparenting,” Ruben Buell, Ashley Madison’s president and chief technology officer, told Business Insider. “We have to have the same vision of finances, we have to have the same hobbies, the same interests… There’s so much pressure on that one relationship, everything has to be right. “And sometimes, the vast majority of it is right, but maybe there’s something that’s not.” This is one of the reasons Ashley Madison currently sees 20,000 new sign ups a day, and over 40,000 affairs happen on the site every day. Even after the data leak back in 2015, people came back to Ashley Madison. Read more on Business Insider.
Thomas Fox-Brewster reports: Despite the catastrophic 2015 hack that hit the dating site for adulterous folk, people still use Ashley Madison to hook up with others looking for some extramarital action. For those who’ve stuck around, or joined after the breach, decent cybersecurity is a must. Except, according to security researchers, the site has left photos of a very private nature belonging to a large portion of customers exposed. The issues arose from the way in which Ashley Madison handled photos designed to be hidden from public view. Whilst users’ public pictures are viewable by anyone who’s signed up, private photos are secured by a “key.” But Ashley Madison automatically shares a user’s key with another person if the latter shares their key first. By doing that, even if a user declines to share their private key, and by extension their pics, it’s still possible to get them without authorization. Read more on Forbes. And no, that wasn’t Forbes’ headline for the story.
Jonathan Stempel reports: The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach. Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis. Read more on Reuters. Ruby Corp issued the following press release: Ruby Corp. and Ruby Life Inc. (ruby), and a proposed class of plaintiffs, co-led by Dowd & Dowd, P.C., The Driscoll Firm, P.C., and Heninger Garrison Davis, LLC, have reached a proposed settlement agreement resolving the class action lawsuits that were filed beginning July 2015 following a data breach of ruby’s computer network and subsequent release of certain personal information of customers of Ashley Madison, an online dating website owned and operated by Ruby Life Inc. (formerly Avid Dating Life Inc.) The lawsuits, alleging inadequate data security practices and misrepresentations regarding Ashley Madison, have been consolidated in a multi-district litigation pending in the United States District Court for the Eastern District of Missouri. If the proposed settlement agreement is approved by the Court, ruby will contribute a total of $11.2 million USD to a settlement fund, which will provide, among other things, payments to settlement class members who submit valid claims for alleged losses resulting from the data breach and alleged misrepresentations as described further in the proposed settlement agreement. Since July 2015, ruby also has implemented numerous remedial measures to enhance the security of its customers’ data. While ruby denies any wrongdoing, the parties have agreed to the proposed settlement in order to avoid the uncertainty, expense, and inconvenience associated with continued litigation, and believe that the proposed settlement agreement is in the best interest of ruby and its customers. In 2015, hackers gained access to ruby’s computer networks and published certain personal information contained in Ashley Madison accounts. Account credentials were not verified for accuracy during this timeframe and accounts may have been created using other individuals’ information. Therefore, ruby wishes to clarify that merely because a person’s name or other information appears to have been released in the data breach does not mean that person actually was a member of Ashley Madison. The plaintiffs’ consolidated class action complaint alleges that the defendants misrepresented that they had taken reasonable steps to ensure AshleyMadison.com was secure and that the data breach resulted in the public release of certain personal information contained in AshleyMadison.com accounts and included account information of some users who had paid a fee to delete their information from the AshleyMadison.com website. Further information regarding the settlement and the claims process will be made available if and when the settlement agreement is approved by the Court. SOURCE ruby Life Inc.
Graham Cluley reports: Blackmailers are once again trying to make money out of the notorious Ashley Madison hack, which exposed the details of registered members of the cheating website in 2015. Robin Harris writes on ZDNet that he has received a blackmail threat, alerting him that unless he pays up $500 worth of Bitcoin his personal details will be shared on a new website being created by the extortionists. The site, which the blackmailers claim will be launched on May 1 2017, is said to be called “Cheater’s Gallery”: “On May 1 2017 we are launching our new site — Cheaters Gallery – exposing those who cheat and destroy families. We will launch the site with a big email to all the friends and family of cheaters taken from Facebook, LinkedIn and other social sites. This will include you if do not pay to opting out.” Read more on HotForSecurity.
Amanda Bronstad reports: AshleyMadison.com’s parent company is hoping to knock out more than 20 class actions filed over its 2015 data breach by invoking online arbitration agreements the plaintiffs signed when they subscribed to its matchmaking services. The move to arbitrate comes after Avid Life Media Inc., which has been rebranded as Ruby Corp., agreed last month to pay $1.6 million to settle claims by the Federal Trade Commission and several state attorneys general over the breach, which compromised financial and personal information of nearly 37 million subscribers. Read more on Law.com.