Month: August 2015

Your Name Was Exposed by The Ashley Madison Hack. Here’s What To Do:

Posted on by admin

We recently wrote an article about the controversy surrounding the Ashley Madison hack and why it points to a larger issue of privacy. Our stance on this situation is not whether adultery is right or wrong but that this exposure of private information threatens our assumption of privacy on the web. What we buy, where we bank, what we research, and even who we date can be exposed. So regardless of how you feel about adultery, we should all be terrified at the idea that a single group or person can decide to compromise that promise for their own personal agenda.

In this article, we’ll discuss what you can do if your Ashley Madison account information has been leaked and what can be done to minimize its damage to your reputation.

STEP 1: CHECK THAT YOU’RE ACTUALLY ON IT

We don’t condone searching the Ashley Madison data breach records for anyone other than yourself, but you’ll want to check if your information has actually been compromised. “Have i been pwned” allows you to check if your email has been compromised by a data breach and alerts you via email. This site requires you to verify the email address so only you will have access to the breached data associated with your information.

STEP 2: PREVENT AND BURY NEGATIVE SEARCH RESULTS AROUND YOUR NAME

As more people access and digest the information from the leak, you might find the information start to find its way into the search results that show up when someone Googles your name. By building positive, relevant content about you, it’s possible to push the compromising information further down in search results and out of the public’s eye. This might not save your relationship, but it can minimize all the public embarrassment.

Burying any type of negative search result is a 3-step process:

Step 1: Create high-quality websites & profiles for your name:

  • Secure your domain name: Go to a domain registrar like GoDaddy or Hover and purchase a personal domain name like “yourname.com”. If the “.com” is unavailable, try for “yourname.net” or “yourname.org”. You can also add a qualifier such as “yournameonline.com” or “yournamenyc.com”. The important thing is that “Your Name” is in the domain and remains together. Even if you don’t plan to use the domain right away, it prevents someone else from snagging it out from under you.
  • Build a personal website: Your website should be a central hub of information about you: detailed bio, professional experience, interests, links to your social media profiles, contact info, your blog, etc. We recommend building your site with WordPress because it is relatively easy to use and the sites tend to rank well in search engines.
  • Create high-ranking profiles: Social media is one of the best ways to get positive information about you on the web, so it’s important to create and manage several profiles. The profiles that tend to rank the highest are the Big Four: Twitter, LinkedIn, Facebook & Google+, but you should also look to be on other sites as well.

Step 2: Optimize your sites & profiles for search engines: Once you have your sites and profiles, you need to ensure that they have the best chance of ranking for your name in search results. Make sure to fill out your sites & profiles completely, include your name in as many key places as possible, and stay active on them. BrandYourself’s free tool guides you through the process of ensuring your sites are as search engine friendly as possible.

Step 3: Update, maintain and promote content over time: Combating a negative search result – like information from the Ashley Madison hack – will take time. It’s important to consistently create content for your name including social media activity, blogging, rich media creation (videos, images, SlideShares, etc.) and other types of content.

For more information, check out BrandYourself’s 4-part video series that guides you step-by-step through this process.

STEP 3: SECURE YOUR PRIVACY ONLINE

Unfortunately there is no guaranteed way to protect yourself from every type of hack. However, there are several best practices that will drastically increase the security of your own information.

Basic security tips:

  • Use a secure password. Insecure passwords are the easiest way for an attacker to gain access to your information. If you’ve ever thought twice about whether your current password is secure, then it isn’t. Especially if it’s a real word like the name of your dog – that definitely isn’t secure. Make sure to mix up letters and numbers and strive for at least 8 characters.
  • Use a password management tool tool like LastPass or 1Password. They create and store incredibly secure passwords for you, and have phone apps and browser plugins that actually make it even easier to sign into any account, like a very secure master key that unlocks the rest.
  • Don’t provide your real email address and name if it’s not required. Using a disposable email generator like FakeInbox allows you to sign up for websites without giving out your actual email address.
  • Use incognito mode or private browsing mode when you browse online.
  • Always clear your browser history and cookies.
  • Turn on Adblockers (like AdBlock for Google Chrome).

Advanced security tips:

  • Set up a VPN or proxy like TunnelBear or HideMyAss. These make it much harder to track your IP address when browsing online.
  • Use Duck Duck Go for web searches. It’s the only search engine that doesn’t collect any personal information.
  • Use Tor as your browser. Tor allows internet browsers to improve their privacy and security on the Internet. Be sure to read the documentation when setting it up, because it can be complicated.
  • Encrypt your email using something like Enigmail and PGP). Using PGP (“Pretty Good Privacy”) you can drastically reduce the chance that anyone can read your emails without the proper authentication – even if they fall into the wrong hands. Although setup can be complicated for novices, it is very secure. Here’s a guide to getting started.
  • Use Dmail to send self-destructing emails. Though it’s less secure than PGP, it’s an option that will reduce the chances that your emails fall into the wrong hands.
  • Use Cyber Dust as a replacement for text messages. Cyber Dust allows you to send self-destructing text messages à la snapchat. Your messages disappear after they are read, without a trace.

Was your info exposed by the Ashley Madison list? Schedule a call with one of our Reputation Advisors to see how we can help suppress the information in search results. 

The Ashley Madison Hack: A Privacy Issue, Not an Adultery Issue

Posted on by admin

By now you’ve probably heard all the controversy around the “Ashley Madison Hack”. If not, here’s a quick recap: Ashley Madison, a dating website primarily meant to help people have extramarital affairs, was recently threatened by a hacker group called “The Impact Team”. The team condemned the morals of Ashley Madison and its members, threatening to release users’ private information (names, addresses, credit card information, etc.) if the site was not taken down.

The group recently followed through on their threat, and the aftermath is worse than anyone expected: the private information of over 30 million Ashley Madison users was posted publicly online. Those users now live in fear of being publicly shamed on the web – which could have a massive impact on their personal lives.

While on the surface this may seem like a deserved day of reckoning for exposed adulterers, it speaks to a much larger privacy issue that concerns everyone. We live our entire lives online, and our actions there hinge on the promise of privacy. We believe that what we buy, where we bank, what we research, and even who we date should be private. So regardless of how you feel about adultery, we should all be terrified at the idea that a single group or person can decide to compromise that promise for their own personal agenda.

LET’S CONSIDER A FEW SPECIFIC ISSUES RELATED TO THE ASHLEY MADISON HACK BEFORE GETTING INTO THE BROADER IMPLICATIONS:

  • Users who were exposed by the hack are not necessarily adulterers. In fact, some people may have never signed up in the first place. Since free accounts didn’t require any verification, it’s possible someone used someone else’s email to sign up for an account. Others aren’t on the site for an extra-marital affair. According to interviews with the founder, many people use the site to discreetly find partners who share unique sexual habits. Even further, many people claim they browse the site as a cathartic fantasy exercise with no real intention of ever acting on it –  the equivalent of writing an angry letter with no intention of ever sending it.  No matter the case, this will likely cause a lot of embarrassment and even severe personal turmoil for people who never actually did anything wrong.

  • Not all users are having extramarital affairs behind their partner’s’ back. According to past interviews with the founder, a growing number of people are in consensual open relationships and use the site as a way to discreetly find new partners. By exposing their information, you’re breaching their promise of privacy and causing severe embarrassment for them.

  • Even for those having non-consensual extramarital affairs, this is a cruel way to expose them. You won’t find many people who outwardly approve of infidelity. That said, most people would also agree that a relationship – and all its ups, downs, betrayals and triumphs – are not the business of the general internet. When you publicly shame someone, you’re not just hurting the perpetrator, you’re hurting their spouse and family too.

LET’S FORGET ABOUT ASHLEY MADISON AND MOVE ON TO THE BIGGER PICTURE.

While cheating happens to be a generally frowned upon subject, what if the crusaders were against something else? What if they exposed a private online support group to help struggling people come out of the closet? What if they exposed the private records of people who have had abortions? What if they exposed the home addresses of people who support gun rights? The point is this: online privacy is important, and we need to make sure we take measures to protect it.

IF YOU’RE AN ASHLEY MADISON USER, HERE’S WHAT YOU CAN DO TO MINIMIZE THE DAMAGE: 

Unfortunately your hacked user information is already out in the wild, which means it’s only a matter of time before it will start to appear in search results when people Google your name. But by proactively taking measures to strengthen your online reputation now, you can prevent this information from defining who you are online.

The website ashleymadisonhack.org has in-depth information about how to limit the damage of the Ashley Madison hack. It also provides measures you can take to prevent something like this happening to you in the future. Full disclosure: the site was created by my company BrandYourself, whose mission is to help people have a say in what appears about them online.

IF YOU’RE NOT AN ASHLEY MADISON USER, WHY DOES THIS BREACH MATTER TO YOU?

How would you feel if someone released the following information about you:

  • Everything you Googled in the last year

  • Every website you visited in the last year

  • Everything you’ve ever purchased online

  • Every YouTube video you’ve watched

Online privacy matters even if you have nothing to hide. No matter who you are, if that info was published without your consent, it would cause embarrassment and undoubtedly lead to personal and professional issues – especially if that information was released without any context, like in the Ashley Madison hack.

HOW CAN YOU MINIMIZE THE CHANCES OF YOUR PRIVACY BEING BREACHED?

Unfortunately there is no guaranteed way to protect yourself from every type of hack. However, there are several best practices that will drastically increase the security of your own information.

Basic security tips:

  • Use a secure password. Insecure passwords are the easiest way for an attacker to gain access to your information. If you’ve ever thought twice about whether your current password is secure, then it isn’t. Especially if it’s a real word like the name of your dog – that definitely isn’t secure. Make sure to mix up letters and numbers and strive for at least 8 characters.

  • Use a password management tool tool like LastPass or 1Password. They create and store incredibly secure passwords for you, and have phone apps and browser plugins that actually make it even easier to sign into any account, like a very secure master key that unlocks the rest.

  • Don’t provide your real email address and name if it’s not required. Using a disposable email generator like FakeInbox allows you to sign up for websites without giving out your actual email address.

  • Use incognito mode or private browsing mode when you browse online.

  • Always clear your browser history and cookies.

  • Turn on Adblockers (like AdBlock for Google Chrome).

Advanced security tips:

  • Set up a VPN or proxy like TunnelBear or HideMyAss. These make it much harder to track your IP address when browsing online.

  • Use Duck Duck Go for web searches. It’s the only search engine that doesn’t collect any personal information.

  • Use Tor as your browser. Tor allows internet browsers to improve their privacy and security on the Internet. Be sure to read the documentation when setting it up, because it can be complicated.

  • Encrypt your email using something like Enigmail and PGP). Using PGP (“Pretty Good Privacy”) you can drastically reduce the chance that anyone can read your emails without the proper authentication – even if they fall into the wrong hands. Although setup can be complicated for novices, it is very secure. Here’s a guide to getting started.

  • Use Dmail to send self-destructing emails. Though it’s less secure than PGP, it’s an option that will reduce the chances that your emails fall into the wrong hands.

  • Use Cyber Dust as a replacement for text messages. Cyber Dust allows you to send self-destructing text messages à la snapchat. Your messages disappear after they are read, without a trace.