Adultery site leak: More than meets the eye

The homepage of the Ashley Madison website.
The homepage of the Ashley Madison website. PHOTO: REUTERS

Affected Ashley Madison users could risk their jobs or be blackmailed or scammed

Singapore users of adultery website Ashley Madison who have had their data leaked could end up more than just embarrassed.

They also risk losing their careers and being blackmailed or scammed, cyber security experts tell The Straits Times.

Last week, more than 32 million of its members around the world had their personal information leaked online by hackers.

A check by The Straits Times showed there were 4,003 e-mail addresses with the ".sg" suffix.

Of these, 36 bore the ".edu.sg" domain, while two had ".gov.sg" addresses, suggesting that some users were public servants who had used their work e-mail addresses to register with the portal.

POOR SECURITYPRACTICES

If they do not have a level of professionalism to handle customer data, it probably means they don't have good security practices.

MR CHARLES LIM, a senior analyst with consultancy firm Frost & Sullivan

There were 2,556 addresses which ended in ".com.sg" which used e-mail domains such as Hotmail or Yahoo.

A senior industry analyst with consultancy firm Frost & Sullivan, Mr Charles Lim, said using a work e-mail address to sign up with such a site is never wise.

He added: "That is your choice and your personal life, but you are jeopardising your career by providing the link."

Mr Aloysius Cheang, Asia-Pacific managing director of global computing security association Cloud Security Alliance, said that business e-mail addresses are company property, adding: "You shouldn't be using it for personal reasons, which include subscriptions to any website for leisure."

While Ashley Madison is banned in Singapore, some users have managed to access it via virtual private networks.

Experts have cautioned against portals which do not require e-mail addresses to be verified, as it poses security issues.

Mr Lim said: "It's definitely a very bad practice not to have e-mail verification. One should avoid such websites.

"If they do not have a level of professionalism to handle customer data, it probably means they don't have good security practices."

Senior analyst Clement Teo of US-based market research firm Forrester said: "The nature and the credibility of the company matters a lot. Anyone can hack even a secure site. So you must ask whether you want to associate yourself with the site to begin with.

"We inadvertently leave behind digital footprints. It's not difficult at all to trace it back to you."

In the United States and Canada, the hacking of the website has led to spin-off crimes such as blackmail and online scams targeting spouses of "cheating" members.

Canadian police have also reported two suicides that are allegedly related to the data leak.

Users of such controversial and "morally grey" services put themselves at risk of blackmail and online scams, added Mr Cheang.

But he noted that e-mail addresses registered with the website might be entered by robots or even the parent company for business reasons.

"They may need to boost numbers against a rival site," he said.

Experts urged users to exercise caution when volunteering personal information on the Web, and look out for security features such as the lock sign and e-mail verifications.

While Mr Cheang described it as "common sense", Mr Lim said more education is needed. "It's about being more careful about what you share," he added, noting that credit-card information, for example, can be used for fraud.

Mr Teo added: "You shouldn't let the lust for a good time overshadow the security precautions that you need to take."

A Ministry of Education spokesman said it will check the veracity of the e-mail accounts used on Ashley Madison.

He noted that ".edu.sg" e-mail accounts could belong to students, educators and staff in education institutions, including private education institutions.

He added: "If there are breaches of regulations or inappropriate conduct that undermines the values expected of our educators, we will take appropriate action."

A version of this article appeared in the print edition of The Straits Times on August 28, 2015, with the headline 'Adultery site leak: More than meets the eye'. Print Edition | Subscribe