I’m in the middle of moving so I’m typing this up on my phone. As you may well be aware, I detest brevity as I loathe all encumbrances upon all opportunities to hear (or read) myself talk (or write). Here’s what you need to know to keep yourself safe.
First, keep this firmly in mind: Just because someone’s name or email address shows up in this breach does NOT mean they cheated on their spouse.
Ashley Madison does not verify a user’s email account when they sign up at all. This means anyone in the world could have entered your email address when they signed up. Now you look guilty.
There are other reasons an account is not necessarily a scarlet letter, even if it really does belong to the purported account holder. The person could have signed up because:
* They were curious and just wanted to look around
* They wanted to cheat but changed their mind.
* They signed up when single and subsequently got married and forgot all about the site. (Or paid for Ashley Madison’s delete account service and clearly did not get their money’s worth)
* They want to protect their identity online so they sign up for every high-profile social networking site that pops up.
* Or, possibly, they could want to cheat on their spouse. Diff’rent strokes and all.
Keep yourself safe
Do not click links in social media which claim to show you whose accounts were breached. Doesn’t matter if the link says your account is listed, your boss’s, a celebrity, or a politician. Scammers looooove throwing up bait like this to trick people into installing viruses or paying money or paying money to install viruses. Steer clear.
To see if your account is listed, visit this website (given my previous paragraph, I understand if you don’t want to click through)
This is the only website that I trust for this sort of information. The only one.
Now, since this information is sensitive, the author of the site, Troy Hunt, requires you to verify that you own the email address in question before he tells you whether or not you were among the breached Ashley Madison accounts. Click ‘Notify Me’ in the menu and sign up for notifications. Once you have verified your email address the website will let you know privately if you, well, ‘been pwned’.
This is a good practice, in general. I signed up for notifications from haveibeenpwned so if my email address ever shows up in a breach (even one which hasn’t been publicized) I get emailed.
Educate yourself
Here are a couple great articles from information security news sources I trust.
Brian Krebs, the foremost info sec journalist, wrote an article on the breach data.
Graham Cluley, a well-respected info sec analyst, has another article.
